Bug 798585 (CVE-2012-0061)
Summary: | CVE-2012-0061 rpm: improper validation of header contents total size in headerLoad() | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> | ||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||
Severity: | high | Docs Contact: | |||||||
Priority: | high | ||||||||
Version: | unspecified | CC: | pinto.elia, pkis, pmatilai, rcvalle, security-response-team | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | rpm 4.9.1.3 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2012-05-07 09:56:16 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 785109, 785110, 785111, 785112, 785113, 785769, 785803, 785805, 785807, 785862, 809487, 830759 | ||||||||
Bug Blocks: | 744203 | ||||||||
Attachments: |
|
Description
Tomas Hoger
2012-02-29 10:31:54 UTC
Created attachment 566511 [details]
RPM 4.8.x patch
Created attachment 566512 [details]
RPM 4.4.x patch
Lifting embargo. Fix is already in upstream git: http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6 Created rpm tracking bugs for this issue Affects: fedora-all [bug 809487] Fixes included in upstream version 4.9.1.3: http://rpm.org/wiki/Releases/4.9.1.3 This issue has been addressed in following products: Red Hat Enterprise Linux 3 Extended Lifecycle Support Red Hat Enterprise Linux 5.3 Long Life Red Hat Enterprise Linux 5.6 EUS - Server Only Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6.0 EUS - Server Only Red Hat Enterprise Linux 6.1 EUS - Server Only Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 4 Extended Lifecycle Support Via RHSA-2012:0451 https://rhn.redhat.com/errata/RHSA-2012-0451.html rpm-4.9.1.3-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. rpm-4.9.1.3-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. rpm-4.9.1.3-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. Acknowledgements: This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team. |