[SECURITY] Fedora 17 Update: rpm-4.9.1.3-1.fc17

updates at fedoraproject.org updates at fedoraproject.org
Thu Apr 12 03:27:10 UTC 2012


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-5298
2012-04-04 21:03:10
--------------------------------------------------------------------------------

Name        : rpm
Product     : Fedora 17
Version     : 4.9.1.3
Release     : 1.fc17
URL         : http://www.rpm.org/
Summary     : The RPM package management system
Description :
The RPM Package Manager (RPM) is a powerful command line driven
package management system capable of installing, uninstalling,
verifying, querying, and updating software packages. Each software
package consists of an archive of files along with information about
the package like its version, a description, etc.

--------------------------------------------------------------------------------
Update Information:

This update fixes various input-validation issues in rpm:
CVE-2012-0060, CVE-2012-0061 and CVE-2012-0815
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #744104 - CVE-2012-0815 rpm: incorrect handling of negated offsets in headerVerifyInfo()
        https://bugzilla.redhat.com/show_bug.cgi?id=744104
  [ 2 ] Bug #744858 - CVE-2012-0060 rpm: insufficient validation of region tags
        https://bugzilla.redhat.com/show_bug.cgi?id=744858
  [ 3 ] Bug #798585 - CVE-2012-0061 rpm: improper validation of header contents total size in headerLoad()
        https://bugzilla.redhat.com/show_bug.cgi?id=798585
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update rpm' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list