Bug 744858 (CVE-2012-0060)

Summary: CVE-2012-0060 rpm: insufficient validation of region tags
Product: [Other] Security Response Reporter: Ramon de C Valle <rcvalle>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: bressers, jnovy, pinto.elia, pkis, pmatilai, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: rpm 4.9.1.3 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-05-07 09:56:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 785109, 785110, 785111, 785112, 785113, 785769, 785803, 785805, 785807, 785862, 809487, 830759    
Bug Blocks: 744203    
Attachments:
Description Flags
RPM 4.8.x patch - headerLoad
none
RPM 4.8.x patch - headerVerify and rpmReadSignature
none
RPM 4.4.x patch - headerLoad
none
RPM 4.4.x patch - headerVerify and rpmReadSignature none

Comment 63 Ramon de C Valle 2012-01-26 17:03:10 UTC 
Multiple improper input validation flaws were found in the code for handling region tags within headerLoad, rpmReadSignature and headerVerify functions of RPM library. These functions are used by rpm utility to read the signature header section and verify the values of header structures (i.e. signature and header sections) of a RPM file respectively. An attacker could create a specially-crafted RPM file that, when read, could cause RPM to crash or, potentially, execute arbitrary code.
Comment 70 Tomas Hoger 2012-02-29 11:35:00 UTC 
Created attachment 566531 [details]
RPM 4.8.x patch - headerLoad
Comment 71 Tomas Hoger 2012-02-29 11:36:23 UTC 
Created attachment 566532 [details]
RPM 4.8.x patch - headerVerify and rpmReadSignature
Comment 72 Tomas Hoger 2012-02-29 11:37:19 UTC 
Created attachment 566535 [details]
RPM 4.4.x patch - headerLoad
Comment 73 Tomas Hoger 2012-02-29 11:37:45 UTC 
Created attachment 566536 [details]
RPM 4.4.x patch - headerVerify and rpmReadSignature
Comment 74 Tomas Hoger 2012-04-03 13:34:04 UTC 
Lifting embargo.  Fixes committed upstream in:

http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29
Comment 75 Tomas Hoger 2012-04-03 13:39:06 UTC 
Created rpm tracking bugs for this issue

Affects: fedora-all [bug 809487]
Comment 76 Tomas Hoger 2012-04-03 14:18:34 UTC 
Fixes included in upstream version 4.9.1.3:
  http://rpm.org/wiki/Releases/4.9.1.3
Comment 77 errata-xmlrpc 2012-04-03 16:50:41 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3 Extended Lifecycle Support
  Red Hat Enterprise Linux 5.3 Long Life
  Red Hat Enterprise Linux 5.6 EUS - Server Only
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6.0 EUS - Server Only
  Red Hat Enterprise Linux 6.1 EUS - Server Only
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 4 Extended Lifecycle Support

Via RHSA-2012:0451 https://rhn.redhat.com/errata/RHSA-2012-0451.html
Comment 78 Fedora Update System 2012-04-12 03:26:52 UTC 
rpm-4.9.1.3-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 79 Fedora Update System 2012-04-22 03:24:03 UTC 
rpm-4.9.1.3-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 80 Fedora Update System 2012-04-22 03:42:39 UTC 
rpm-4.9.1.3-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 81 Vincent Danen 2013-09-26 19:11:58 UTC 
Acknowledgements:

This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team.