Red Hat Bugzilla – Bug 744858
CVE-2012-0060 rpm: insufficient validation of region tags
Last modified: 2013-10-13 21:01:33 EDT
Multiple improper input validation flaws were found in the code for handling region tags within headerLoad, rpmReadSignature and headerVerify functions of RPM library. These functions are used by rpm utility to read the signature header section and verify the values of header structures (i.e. signature and header sections) of a RPM file respectively. An attacker could create a specially-crafted RPM file that, when read, could cause RPM to crash or, potentially, execute arbitrary code.
Created attachment 566531 [details]
RPM 4.8.x patch - headerLoad
Created attachment 566532 [details]
RPM 4.8.x patch - headerVerify and rpmReadSignature
Created attachment 566535 [details]
RPM 4.4.x patch - headerLoad
Created attachment 566536 [details]
RPM 4.4.x patch - headerVerify and rpmReadSignature
Lifting embargo. Fixes committed upstream in:
Created rpm tracking bugs for this issue
Affects: fedora-all [bug 809487]
Fixes included in upstream version 18.104.22.168:
This issue has been addressed in following products:
Red Hat Enterprise Linux 3 Extended Lifecycle Support
Red Hat Enterprise Linux 5.3 Long Life
Red Hat Enterprise Linux 5.6 EUS - Server Only
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6.0 EUS - Server Only
Red Hat Enterprise Linux 6.1 EUS - Server Only
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 4 Extended Lifecycle Support
Via RHSA-2012:0451 https://rhn.redhat.com/errata/RHSA-2012-0451.html
rpm-22.214.171.124-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
rpm-126.96.36.199-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
rpm-188.8.131.52-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team.