744858 – (CVE-2012-0060) CVE-2012-0060 rpm: insufficient validation of region tags

Bug 744858 (CVE-2012-0060) - CVE-2012-0060 rpm: insufficient validation of region tags

Summary: CVE-2012-0060 rpm: insufficient validation of region tags

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-0060
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	785109 785110 785111 785112 785113 785769 785803 785805 785807 785862 809487 830759
Blocks:	744203
TreeView+	depends on / blocked

Reported:	2011-10-10 16:58 UTC by Ramon de C Valle
Modified:	2023-05-13 02:03 UTC (History)
CC List:	6 users (show)
Fixed In Version:	rpm 4.9.1.3
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-05-07 09:56:09 UTC
Embargoed:

Attachments	(Terms of Use)
RPM 4.8.x patch - headerLoad (1.21 KB, patch) 2012-02-29 11:35 UTC, Tomas Hoger	no flags	Details \| Diff
RPM 4.8.x patch - headerVerify and rpmReadSignature (3.75 KB, patch) 2012-02-29 11:36 UTC, Tomas Hoger	no flags	Details \| Diff
RPM 4.4.x patch - headerLoad (1.22 KB, patch) 2012-02-29 11:37 UTC, Tomas Hoger	no flags	Details \| Diff
RPM 4.4.x patch - headerVerify and rpmReadSignature (3.92 KB, patch) 2012-02-29 11:37 UTC, Tomas Hoger	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2012:0451	0	normal	SHIPPED_LIVE	Important: rpm security update	2012-04-03 20:48:35 UTC

Comment 63 Ramon de C Valle 2012-01-26 17:03:10 UTC

Multiple improper input validation flaws were found in the code for handling region tags within headerLoad, rpmReadSignature and headerVerify functions of RPM library. These functions are used by rpm utility to read the signature header section and verify the values of header structures (i.e. signature and header sections) of a RPM file respectively. An attacker could create a specially-crafted RPM file that, when read, could cause RPM to crash or, potentially, execute arbitrary code.

Comment 70 Tomas Hoger 2012-02-29 11:35:00 UTC

Created attachment 566531 [details]
RPM 4.8.x patch - headerLoad

Comment 71 Tomas Hoger 2012-02-29 11:36:23 UTC

Created attachment 566532 [details]
RPM 4.8.x patch - headerVerify and rpmReadSignature

Comment 72 Tomas Hoger 2012-02-29 11:37:19 UTC

Created attachment 566535 [details]
RPM 4.4.x patch - headerLoad

Comment 73 Tomas Hoger 2012-02-29 11:37:45 UTC

Created attachment 566536 [details]
RPM 4.4.x patch - headerVerify and rpmReadSignature

Comment 74 Tomas Hoger 2012-04-03 13:34:04 UTC

Lifting embargo.  Fixes committed upstream in:

http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29

Comment 75 Tomas Hoger 2012-04-03 13:39:06 UTC

Created rpm tracking bugs for this issue

Affects: fedora-all [bug 809487]

Comment 76 Tomas Hoger 2012-04-03 14:18:34 UTC

Fixes included in upstream version 4.9.1.3:
  http://rpm.org/wiki/Releases/4.9.1.3

Comment 77 errata-xmlrpc 2012-04-03 16:50:41 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 3 Extended Lifecycle Support
  Red Hat Enterprise Linux 5.3 Long Life
  Red Hat Enterprise Linux 5.6 EUS - Server Only
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6.0 EUS - Server Only
  Red Hat Enterprise Linux 6.1 EUS - Server Only
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 4 Extended Lifecycle Support

Via RHSA-2012:0451 https://rhn.redhat.com/errata/RHSA-2012-0451.html

Comment 78 Fedora Update System 2012-04-12 03:26:52 UTC

rpm-4.9.1.3-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 79 Fedora Update System 2012-04-22 03:24:03 UTC

rpm-4.9.1.3-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 80 Fedora Update System 2012-04-22 03:42:39 UTC

rpm-4.9.1.3-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 81 Vincent Danen 2013-09-26 19:11:58 UTC

Acknowledgements:

This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team.

Note You need to log in before you can comment on or make changes to this bug.