Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in RPM
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in RPM
ID: FEDORA-2014-16890
Distribution: Fedora
Plattformen: Fedora 21
Datum: Mi, 17. Dezember 2014, 07:51
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118
Applikationen: RPM

Originalnachricht

Name        : rpm
Product : Fedora 21
Version : 4.12.0.1
Release : 4.fc21
URL : http://www.rpm.org/
Summary : The RPM package management system
Description :
The RPM Package Manager (RPM) is a powerful command line driven
package management system capable of installing, uninstalling,
verifying, querying, and updating software packages. Each software
package consists of an archive of files along with information about
the package like its version, a description, etc.

-------------------------------------------------------------------------------
-
Update Information:

- Add check against malicious CPIO file name size
- Fix race condidition where unchecked data is exposed in the file system

-------------------------------------------------------------------------------
-
ChangeLog:

* Fri Dec 12 2014 Lubos Kardos <lkardos@redhat.com> - 4.12.0.1-4
- Add check against malicious CPIO file name size (#1168715)
- Fixes CVE-2014-8118
- Fix race condidition where unchecked data is exposed in the file system
(#1039811)
- Fixes CVE-2013-6435
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1039811 - CVE-2013-6435 rpm: race condition during the
installation process
https://bugzilla.redhat.com/show_bug.cgi?id=1039811
[ 2 ] Bug #1168715 - CVE-2014-8118 rpm: integer overflow and stack overflow
in CPIO header parsing
https://bugzilla.redhat.com/show_bug.cgi?id=1168715
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update rpm' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung