Back to bug 1039811
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Murray McAllister | 2013-12-10 04:12:37 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2013-12-10 04:12:37 UTC | Doc Type | --- | Bug Fix |
| Murray McAllister | 2013-12-10 04:12:50 UTC | CC | jkurik, pfrields, pmatilai | |
| Murray McAllister | 2013-12-10 04:25:00 UTC | CC | fweimer | |
| Murray McAllister | 2013-12-10 04:26:31 UTC | Blocks | 1039813 | |
| Murray McAllister | 2013-12-10 06:55:41 UTC | Alias | CVE-2013-6435 | |
| Murray McAllister | 2013-12-10 06:55:44 UTC | Summary | EMBARGOED rpm: race condition during the installation process | EMBARGOED CVE-2013-6435 rpm: race condition during the installation process |
| Florian Weimer | 2014-11-11 12:22:23 UTC | Attachment #956207 Attachment description | rpm-4.8.0-CVE-2013-6435.patch | rpm-4.8.0-CVE-2013-6435.patch (version without umask) |
| Huzaifa S. Sidhpurwala | 2014-11-12 10:13:37 UTC | Whiteboard | impact=important,public=no,reported=20131209,source=redhat,cvss2=7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C,rhel-5/rpm=new,rhel-6/rpm=affected,rhel-7/rpm=new | impact=important,public=no,reported=20131209,source=redhat,cvss2=7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C,rhel-5.6.z/rpm=affected,rhel-5.9.z/rpm=affected,rhel-6.2.z/rpm=affected,rhel-6.4.z/rpm=affected,rhel-6.5.z/rpm=affected,rhel-5/rpm=affected,rhel-6/rpm=affected,rhel-7/rpm=affected,fedora-all/rpm=affected |
| Huzaifa S. Sidhpurwala | 2014-11-12 10:14:40 UTC | Depends On | 1163052 | |
| Huzaifa S. Sidhpurwala | 2014-11-12 10:14:50 UTC | Depends On | 1163053 | |
| Huzaifa S. Sidhpurwala | 2014-11-12 10:14:58 UTC | Depends On | 1163054 | |
| Huzaifa S. Sidhpurwala | 2014-11-12 10:15:07 UTC | Depends On | 1163055 | |
| Huzaifa S. Sidhpurwala | 2014-11-12 10:15:15 UTC | Depends On | 1163056 | |
| Huzaifa S. Sidhpurwala | 2014-11-12 10:15:24 UTC | Depends On | 1163057 | |
| Huzaifa S. Sidhpurwala | 2014-11-12 10:15:33 UTC | Depends On | 1163058 | |
| Huzaifa S. Sidhpurwala | 2014-11-12 10:15:46 UTC | Depends On | 1163059 | |
| Huzaifa S. Sidhpurwala | 2014-11-12 10:15:54 UTC | Depends On | 1163060 | |
| Huzaifa S. Sidhpurwala | 2014-11-12 10:16:04 UTC | Depends On | 1163061 | |
| Panu Matilainen | 2014-11-13 11:43:54 UTC | CC | ffesti | |
| Karel Srot | 2014-11-14 13:03:46 UTC | CC | ksrot | |
| Huzaifa S. Sidhpurwala | 2014-11-21 10:33:42 UTC | Whiteboard | impact=important,public=no,reported=20131209,source=redhat,cvss2=7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C,rhel-5.6.z/rpm=affected,rhel-5.9.z/rpm=affected,rhel-6.2.z/rpm=affected,rhel-6.4.z/rpm=affected,rhel-6.5.z/rpm=affected,rhel-5/rpm=affected,rhel-6/rpm=affected,rhel-7/rpm=affected,fedora-all/rpm=affected | impact=important,public=20141127,reported=20131209,source=redhat,cvss2=7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C,rhel-5.6.z/rpm=affected,rhel-5.9.z/rpm=affected,rhel-6.2.z/rpm=affected,rhel-6.4.z/rpm=affected,rhel-6.5.z/rpm=affected,rhel-5/rpm=affected,rhel-6/rpm=affected,rhel-7/rpm=affected,fedora-all/rpm=affected |
| Florian Weimer | 2014-11-24 09:00:01 UTC | Whiteboard | impact=important,public=20141127,reported=20131209,source=redhat,cvss2=7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C,rhel-5.6.z/rpm=affected,rhel-5.9.z/rpm=affected,rhel-6.2.z/rpm=affected,rhel-6.4.z/rpm=affected,rhel-6.5.z/rpm=affected,rhel-5/rpm=affected,rhel-6/rpm=affected,rhel-7/rpm=affected,fedora-all/rpm=affected | impact=important,public=20141202,reported=20131209,source=redhat,cvss2=7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C,rhel-5.6.z/rpm=affected,rhel-5.9.z/rpm=affected,rhel-6.2.z/rpm=affected,rhel-6.4.z/rpm=affected,rhel-6.5.z/rpm=affected,rhel-5/rpm=affected,rhel-6/rpm=affected,rhel-7/rpm=affected,fedora-all/rpm=affected |
| Martin Prpič | 2014-11-25 08:45:42 UTC | Doc Text | It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. | |
| Huzaifa S. Sidhpurwala | 2014-12-09 12:47:40 UTC | Group | security, qe_staff | |
| Huzaifa S. Sidhpurwala | 2014-12-09 12:47:40 UTC | Summary | EMBARGOED CVE-2013-6435 rpm: race condition during the installation process | CVE-2013-6435 rpm: race condition during the installation process |
| Huzaifa S. Sidhpurwala | 2014-12-09 12:47:40 UTC | Whiteboard | impact=important,public=20141202,reported=20131209,source=redhat,cvss2=7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C,rhel-5.6.z/rpm=affected,rhel-5.9.z/rpm=affected,rhel-6.2.z/rpm=affected,rhel-6.4.z/rpm=affected,rhel-6.5.z/rpm=affected,rhel-5/rpm=affected,rhel-6/rpm=affected,rhel-7/rpm=affected,fedora-all/rpm=affected | impact=important,public=20141209,reported=20131209,source=redhat,cvss2=7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C,rhel-5.6.z/rpm=affected,rhel-5.9.z/rpm=affected,rhel-6.2.z/rpm=affected,rhel-6.4.z/rpm=affected,rhel-6.5.z/rpm=affected,rhel-5/rpm=affected,rhel-6/rpm=affected,rhel-7/rpm=affected,fedora-all/rpm=affected |
| Huzaifa S. Sidhpurwala | 2014-12-09 12:50:30 UTC | Depends On | 1172125 | |
| Salvatore Bonaccorso | 2014-12-09 15:14:20 UTC | CC | carnil | |
| Huzaifa S. Sidhpurwala | 2014-12-19 04:48:19 UTC | Status | NEW | CLOSED |
| Huzaifa S. Sidhpurwala | 2014-12-19 04:48:19 UTC | Resolution | --- | ERRATA |
| Huzaifa S. Sidhpurwala | 2014-12-19 04:48:19 UTC | Last Closed | 2014-12-18 23:48:19 UTC | |
| John Skeoch | 2015-01-04 22:38:02 UTC | CC | vdanen | |
| Ján Rusnačko | 2015-01-05 09:46:08 UTC | CC | jrusnack | |
| Ján Rusnačko | 2015-01-05 09:46:08 UTC | Whiteboard | impact=important,public=20141209,reported=20131209,source=redhat,cvss2=7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C,rhel-5.6.z/rpm=affected,rhel-5.9.z/rpm=affected,rhel-6.2.z/rpm=affected,rhel-6.4.z/rpm=affected,rhel-6.5.z/rpm=affected,rhel-5/rpm=affected,rhel-6/rpm=affected,rhel-7/rpm=affected,fedora-all/rpm=affected | impact=important,public=20141209,reported=20131209,source=redhat,cvss2=7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C,rhel-5.6.z/rpm=affected,rhel-5.9.z/rpm=affected,rhel-6.2.z/rpm=affected,rhel-6.4.z/rpm=affected,rhel-6.5.z/rpm=affected,rhel-5/rpm=affected,rhel-6/rpm=affected,rhel-7/rpm=affected,fedora-all/rpm=affected,cwe=CWE-367 |
| Thomas Jarosch | 2015-01-22 11:37:40 UTC | CC | thomas.jarosch | |
| Karel Srot | 2015-03-18 07:55:53 UTC | Flags | needinfo?(fweimer) | |
| Panu Matilainen | 2015-03-18 08:18:18 UTC | Flags | needinfo?(fweimer) | |
| Product Security DevOps Team | 2019-09-29 13:11:26 UTC | Whiteboard | impact=important,public=20141209,reported=20131209,source=redhat,cvss2=7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C,rhel-5.6.z/rpm=affected,rhel-5.9.z/rpm=affected,rhel-6.2.z/rpm=affected,rhel-6.4.z/rpm=affected,rhel-6.5.z/rpm=affected,rhel-5/rpm=affected,rhel-6/rpm=affected,rhel-7/rpm=affected,fedora-all/rpm=affected,cwe=CWE-367 | |