| Summary: | rpm new security issues CVE-2012-0060, CVE-2012-0061, CVE-2012-0815 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | | |
| Priority: | Normal | CC: | davidwhodgins, dmorganec, pterjan, sysadmin-bugs, thierry.vignaud, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Source RPM: | rpm-4.8.1-10.3.mga1.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2012-04-12 16:48:39 CEST

David Walser
2012-04-12 17:59:22 CEST
CC: (none) => dmorganec

David Walser
2012-04-12 17:59:33 CEST
CC: (none) => pterjan

David Walser
2012-04-12 17:59:45 CEST
CC: (none) => thierry.vignaud

Just FYI, I checked the RedHat patches and they apply cleanly.

Patched package uploaded.

Advisory:
========================

Updated rpm packages fix security vulnerabilities:

Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library to crash or, potentially, execute arbitrary code (CVE-2012-0060, CVE-2012-0061, CVE-2012-0815).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0815
https://bugzilla.redhat.com/show_bug.cgi?id=744104
https://bugzilla.redhat.com/show_bug.cgi?id=744858
https://bugzilla.redhat.com/show_bug.cgi?id=798585
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:056
========================

Updated packages in core/updates_testing:
========================
rpm-4.8.1-10.4.mga1
librpm1-4.8.1-10.4.mga1
librpm-devel-4.8.1-10.4.mga1
rpm-build-4.8.1-10.4.mga1
python-rpm-4.8.1-10.4.mga1

from rpm-4.8.1-10.4.mga1.src.rpm

Assignee: bugsquad => qa-bugs

I saw QA asking why rpm is in updates_testing in IRC. This bug is already assigned to qa-bugs, so I hope you all see this. Thanks.

Somehow I had missed this one.

Testing complete on i586 for the srpm rpm-4.8.1-10.4.mga1.src.rpm

I've been using it for 5 days now, without any problems.

CC: (none) => davidwhodgins

Thanks David. I didn't see it either :\

No PoC's and no regressions noticed in use.

Testing complete x86_64

Validating

Could sysadmin please push from core/updates_testing to core/updates

See comment 2 for Advisory and SRPM

Thanks!

Keywords: (none) => validated_update

Update pushed

Status: NEW => RESOLVED