You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa rpm

Sigurnosni nedostaci programskog paketa rpm

——————————————————————————–
Fedora Update Notification
FEDORA-2014-16890
2014-12-13 08:34:36
——————————————————————————–

Name : rpm
Product : Fedora 21
Version : 4.12.0.1
Release : 4.fc21
URL : http://www.rpm.org/
Summary : The RPM package management system
Description :
The RPM Package Manager (RPM) is a powerful command line driven
package management system capable of installing, uninstalling,
verifying, querying, and updating software packages. Each software
package consists of an archive of files along with information about
the package like its version, a description, etc.

——————————————————————————–
Update Information:

– Add check against malicious CPIO file name size
– Fix race condidition where unchecked data is exposed in the file system

——————————————————————————–
ChangeLog:

* Fri Dec 12 2014 Lubos Kardos <lkardos@redhat.com> – 4.12.0.1-4
– Add check against malicious CPIO file name size (#1168715)
– Fixes CVE-2014-8118
– Fix race condidition where unchecked data is exposed in the file system
(#1039811)
– Fixes CVE-2013-6435
——————————————————————————–
References:

[ 1 ] Bug #1039811 – CVE-2013-6435 rpm: race condition during the installation process
https://bugzilla.redhat.com/show_bug.cgi?id=1039811
[ 2 ] Bug #1168715 – CVE-2014-8118 rpm: integer overflow and stack overflow in CPIO header parsing
https://bugzilla.redhat.com/show_bug.cgi?id=1168715
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update rpm’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

 

 

 

 

——————————————————————————–
Fedora Update Notification
FEDORA-2014-16838
2014-12-13 08:32:20
——————————————————————————–

Name : rpm
Product : Fedora 20
Version : 4.11.3
Release : 2.fc20
URL : http://www.rpm.org/
Summary : The RPM package management system
Description :
The RPM Package Manager (RPM) is a powerful command line driven
package management system capable of installing, uninstalling,
verifying, querying, and updating software packages. Each software
package consists of an archive of files along with information about
the package like its version, a description, etc.

——————————————————————————–
Update Information:

– Add check against malicious CPIO file name size
– Fix race condidition where unchecked data is exposed in the file system

——————————————————————————–
ChangeLog:

* Fri Dec 12 2014 Lubos Kardos <lkardos@redhat.com> – 4.11.3-2
– Add check against malicious CPIO file name size (#1168715)
– Fixes CVE-2014-8118
– Fix race condidition where unchecked data is exposed in the file system
(#1039811)
– Fixes CVE-2013-6435
* Fri Sep 5 2014 Panu Matilainen <pmatilai@redhat.com> – 4.11.3-1
– update to 4.11.3 (http://rpm.org/wiki/Releases/4.11.3)
* Tue Feb 18 2014 Panu Matilainen <pmatilai@redhat.com> – 4.11.2-2
– reduce the double separator spec parse error into a warning (#1065563)
* Thu Feb 13 2014 Panu Matilainen <pmatilai@redhat.com> – 4.11.2-1
– update to 4.11.2 (http://rpm.org/wiki/Releases/4.11.2)
——————————————————————————–
References:

[ 1 ] Bug #1039811 – CVE-2013-6435 rpm: race condition during the installation process
https://bugzilla.redhat.com/show_bug.cgi?id=1039811
[ 2 ] Bug #1168715 – CVE-2014-8118 rpm: integer overflow and stack overflow in CPIO header parsing
https://bugzilla.redhat.com/show_bug.cgi?id=1168715
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update rpm’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Ranjivost programskog paketa unbound

Otkrivena je ranjivost u datoteci iterator.c u programskom paketu unbound za FreeBSD uzrokovana neograničavanjem ulančavanja delegacije, što udaljenim napadačima omogućuje...

Close