Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in RPM
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in RPM
ID: FEDORA-2014-16838
Distribution: Fedora
Plattformen: Fedora 20
Datum: Mo, 29. Dezember 2014, 23:39
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118
Applikationen: RPM

Originalnachricht

Name        : rpm
Product : Fedora 20
Version : 4.11.3
Release : 2.fc20
URL : http://www.rpm.org/
Summary : The RPM package management system
Description :
The RPM Package Manager (RPM) is a powerful command line driven
package management system capable of installing, uninstalling,
verifying, querying, and updating software packages. Each software
package consists of an archive of files along with information about
the package like its version, a description, etc.

-------------------------------------------------------------------------------
-
Update Information:

- Add check against malicious CPIO file name size
- Fix race condidition where unchecked data is exposed in the file system

-------------------------------------------------------------------------------
-
ChangeLog:

* Fri Dec 12 2014 Lubos Kardos <lkardos@redhat.com> - 4.11.3-2
- Add check against malicious CPIO file name size (#1168715)
- Fixes CVE-2014-8118
- Fix race condidition where unchecked data is exposed in the file system
(#1039811)
- Fixes CVE-2013-6435
* Fri Sep 5 2014 Panu Matilainen <pmatilai@redhat.com> - 4.11.3-1
- update to 4.11.3 (http://rpm.org/wiki/Releases/4.11.3)
* Tue Feb 18 2014 Panu Matilainen <pmatilai@redhat.com> - 4.11.2-2
- reduce the double separator spec parse error into a warning (#1065563)
* Thu Feb 13 2014 Panu Matilainen <pmatilai@redhat.com> - 4.11.2-1
- update to 4.11.2 (http://rpm.org/wiki/Releases/4.11.2)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1039811 - CVE-2013-6435 rpm: race condition during the
installation process
https://bugzilla.redhat.com/show_bug.cgi?id=1039811
[ 2 ] Bug #1168715 - CVE-2014-8118 rpm: integer overflow and stack overflow
in CPIO header parsing
https://bugzilla.redhat.com/show_bug.cgi?id=1168715
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update rpm' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung