Bug 744858 (CVE-2012-0060) - CVE-2012-0060 rpm: insufficient validation of region tags
Summary: CVE-2012-0060 rpm: insufficient validation of region tags
Status: CLOSED ERRATA
Alias: CVE-2012-0060
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: Unspecified
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20120403,repo...
Keywords: Security
Depends On: 785109 785110 785111 785112 785113 785769 785803 785805 785807 785862 809487 830759
Blocks: 744203
Reported: 2011-10-10 16:58 UTC by Ramon de C Valle
Modified: 2019-06-08 18:56 UTC (History)
Last Closed: 2012-05-07 09:56:09 UTC


Attachments
RPM 4.8.x patch - headerLoad (1.21 KB, patch)
2012-02-29 11:35 UTC, Tomas Hoger
RPM 4.8.x patch - headerVerify and rpmReadSignature (3.75 KB, patch)
2012-02-29 11:36 UTC, Tomas Hoger
RPM 4.4.x patch - headerLoad (1.22 KB, patch)
2012-02-29 11:37 UTC, Tomas Hoger
RPM 4.4.x patch - headerVerify and rpmReadSignature (3.92 KB, patch)
2012-02-29 11:37 UTC, Tomas Hoger


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0451 normal SHIPPED_LIVE Important: rpm security update 2012-04-03 20:48:35 UTC

Comment 63 Ramon de C Valle 2012-01-26 17:03:10 UTC
Multiple improper input validation flaws were found in the code for handling region tags within the headerLoad, rpmReadSignature and headerVerify functions of the RPM library. These functions are used by the rpm utility to read the signature header section and verify the values of header structures (i.e. signature and header sections) of an RPM file, respectively. An attacker could create a specially crafted RPM file that, when read, could cause RPM to crash or, potentially, execute arbitrary code.
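
Added example, not part of this bug report and not the attached patches (which this page does not show): one way a parser can validate a region tag and its trailer before trusting them, written against the RPM header blob layout. The tag and type constants come from rpm's public headers rather than from this page; the size caps, the names `region_check` and `check_sample`, and the requirement that the trailer repeat the region tag are assumptions of the example.

```c
#include <stdint.h>
#include <stddef.h>

enum { TAG_SIGNATURES = 62, TAG_IMMUTABLE = 63,   /* region tags */
       TYPE_BIN = 7, REGION_TAG_COUNT = 16, ENTRY_SIZE = 16 };

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* blob = il(4) dl(4) index[il][16] data[dl], all fields big-endian.
 * Returns the number of index entries in the region, 0 if the first
 * entry is not a region tag, -1 if the blob must be rejected. */
int region_check(const unsigned char *blob, size_t len)
{
    if (len < 8) return -1;
    uint32_t il = be32(blob), dl = be32(blob + 4);
    /* Caps chosen for this example; they also keep il*16 + dl from wrapping. */
    if (il < 1 || il > 0xffff || dl > 0x00ffffff) return -1;
    if (len - 8 != (size_t)il * ENTRY_SIZE + dl) return -1;

    const unsigned char *pe = blob + 8, *data = pe + (size_t)il * ENTRY_SIZE;
    uint32_t tag = be32(pe), type = be32(pe + 4), off = be32(pe + 8), cnt = be32(pe + 12);
    if (tag != TAG_SIGNATURES && tag != TAG_IMMUTABLE) return 0;
    /* A region tag with the wrong type or count is an error, never an ordinary entry. */
    if (type != TYPE_BIN || cnt != REGION_TAG_COUNT) return -1;
    /* The 16-byte trailer must lie wholly inside the data store. */
    if (dl < REGION_TAG_COUNT || off > dl - REGION_TAG_COUNT) return -1;

    const unsigned char *tr = data + off;
    if (be32(tr) != tag || be32(tr + 4) != TYPE_BIN || be32(tr + 12) != REGION_TAG_COUNT)
        return -1;
    /* Trailer offset is -(region entries * 16): negative, aligned, within il. */
    int64_t rdl = -(int64_t)(int32_t)be32(tr + 8);
    if (rdl <= 0 || rdl % ENTRY_SIZE || rdl / ENTRY_SIZE > il) return -1;
    return (int)(rdl / ENTRY_SIZE);
}

/* Constructed sample: il=1, dl=16, one region entry (fields from the arguments) and a valid trailer. */
int check_sample(uint32_t type, uint32_t count, uint32_t off)
{
    unsigned char b[40];
    uint32_t w[10] = {1, 16, TAG_SIGNATURES, type, off, count, TAG_SIGNATURES, TYPE_BIN, 0xfffffff0u, 16};
    for (int i = 0; i < 40; i++)
        b[i] = (unsigned char)(w[i / 4] >> (24 - 8 * (i % 4)));
    return region_check(b, sizeof b);
}
```

`check_sample(7, 16, 0)` describes a well-formed region; changing the type, the count or the offset of the region entry makes the same blob fail validation.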

Comment 70 Tomas Hoger 2012-02-29 11:35:00 UTC
Created attachment 566531
RPM 4.8.x patch - headerLoad

Comment 71 Tomas Hoger 2012-02-29 11:36:23 UTC
Created attachment 566532
RPM 4.8.x patch - headerVerify and rpmReadSignature

Comment 72 Tomas Hoger 2012-02-29 11:37:19 UTC
Created attachment 566535
RPM 4.4.x patch - headerLoad

Comment 73 Tomas Hoger 2012-02-29 11:37:45 UTC
Created attachment 566536
RPM 4.4.x patch - headerVerify and rpmReadSignature

Comment 75 Tomas Hoger 2012-04-03 13:39:06 UTC
Created rpm tracking bugs for this issue

Affects: fedora-all [bug 809487]

Comment 76 Tomas Hoger 2012-04-03 14:18:34 UTC
Fixes included in upstream version 4.9.1.3:
  http://rpm.org/wiki/Releases/4.9.1.3

Comment 77 errata-xmlrpc 2012-04-03 16:50:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3 Extended Lifecycle Support
  Red Hat Enterprise Linux 5.3 Long Life
  Red Hat Enterprise Linux 5.6 EUS - Server Only
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6.0 EUS - Server Only
  Red Hat Enterprise Linux 6.1 EUS - Server Only
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 4 Extended Lifecycle Support

Via RHSA-2012:0451 https://rhn.redhat.com/errata/RHSA-2012-0451.html

Comment 78 Fedora Update System 2012-04-12 03:26:52 UTC
rpm-4.9.1.3-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 79 Fedora Update System 2012-04-22 03:24:03 UTC
rpm-4.9.1.3-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 80 Fedora Update System 2012-04-22 03:42:39 UTC
rpm-4.9.1.3-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 81 Vincent Danen 2013-09-26 19:11:58 UTC
Acknowledgements:

This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team.

