Bug 744104 (CVE-2012-0815) - CVE-2012-0815 rpm: incorrect handling of negated offsets in headerVerifyInfo()
Summary: CVE-2012-0815 rpm: incorrect handling of negated offsets in headerVerifyInfo()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-0815
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: Unspecified
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 785109 785110 785111 785112 785113 785769 785803 785805 785807 785862 809487 830759
Blocks: 744203
 
Reported: 2011-10-07 04:02 UTC by Ramon de C Valle
Modified: 2023-05-13 02:00 UTC

Fixed In Version: rpm 4.9.1.3
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-05-07 09:55:57 UTC
Embargoed:


Attachments
RPM 4.8.x patch (1.91 KB, patch)
2012-02-29 11:20 UTC, Tomas Hoger
RPM 4.4.x patch (1.78 KB, patch)
2012-02-29 11:21 UTC, Tomas Hoger


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0451 0 normal SHIPPED_LIVE Important: rpm security update 2012-04-03 20:48:35 UTC

Comment 7 Ramon de C Valle 2012-01-26 17:06:56 UTC
A numeric range comparison without minimum check flaw was found within the headerVerifyInfo function of the RPM library. This function is used by the rpm utility to verify the values of header structures (i.e. signature and header sections) of an RPM file. An attacker could create a specially crafted RPM file that, when read, could cause RPM to crash or, potentially, execute arbitrary code.
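
An added illustration of the flaw class named in comment 7, a range check with no minimum bound applied to offsets that may be negated. It is not rpm's code and not part of this bug report; the `entry` struct, the function names and the "stored negated" convention are assumptions made for the example, and the sample entries are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical index entry: a signed offset into a data area of dl bytes. */
struct entry { int32_t offset; };

/* Flawed check: upper bound only, so any negative offset is accepted. */
static int in_range_flawed(int32_t off, int32_t dl) { return off <= dl; }

/* Hardened check: lower and upper bound. */
static int in_range(int32_t off, int32_t dl) { return off >= 0 && off <= dl; }

/* Returns the index of the first rejected entry, or -1 if all pass.
 * negate != 0 means offsets are stored negated (assumed convention) and
 * are flipped back before the range check. */
static int verify_entries(const struct entry *e, int n, int32_t dl, int negate,
                          int (*check)(int32_t, int32_t))
{
    for (int i = 0; i < n; i++) {
        int32_t off = e[i].offset;
        if (negate) {
            if (off == INT32_MIN)   /* -INT32_MIN is not representable */
                return i;
            off = -off;
        }
        if (!check(off, dl))
            return i;
    }
    return -1;
}

/* Constructed sample data for a data area of 32 bytes. */
static const struct entry plain[]   = { {16}, {-8}, {40} };
static const struct entry negated[] = { {-16}, {8} };

int main(void)
{
    printf("plain,   flawed:   %d\n", verify_entries(plain, 3, 32, 0, in_range_flawed));
    printf("plain,   hardened: %d\n", verify_entries(plain, 3, 32, 0, in_range));
    printf("negated, flawed:   %d\n", verify_entries(negated, 2, 32, 1, in_range_flawed));
    printf("negated, hardened: %d\n", verify_entries(negated, 2, 32, 1, in_range));
    return 0;
}
```

With the flawed check the negated set passes entirely, because the second entry becomes -8 after negation and is never compared against zero.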

Comment 24 Tomas Hoger 2012-02-29 11:20:46 UTC
Created attachment 566526
RPM 4.8.x patch

Comment 25 Tomas Hoger 2012-02-29 11:21:09 UTC
Created attachment 566527
RPM 4.4.x patch

Comment 26 Tomas Hoger 2012-04-03 13:31:32 UTC
Lifting embargo.  Committed upstream now in:

http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=6fc6b45bf9fef0f17a2900c6c5198bda5e50d09e

Comment 27 Tomas Hoger 2012-04-03 13:38:48 UTC
Created rpm tracking bugs for this issue

Affects: fedora-all [bug 809487]

Comment 28 Tomas Hoger 2012-04-03 14:18:33 UTC
Fixes included in upstream version 4.9.1.3:
  http://rpm.org/wiki/Releases/4.9.1.3

Comment 29 errata-xmlrpc 2012-04-03 16:50:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3 Extended Lifecycle Support
  Red Hat Enterprise Linux 5.3 Long Life
  Red Hat Enterprise Linux 5.6 EUS - Server Only
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6.0 EUS - Server Only
  Red Hat Enterprise Linux 6.1 EUS - Server Only
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 4 Extended Lifecycle Support

Via RHSA-2012:0451 https://rhn.redhat.com/errata/RHSA-2012-0451.html

Comment 30 Fedora Update System 2012-04-12 03:26:43 UTC
rpm-4.9.1.3-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 31 Fedora Update System 2012-04-22 03:23:53 UTC
rpm-4.9.1.3-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 32 Fedora Update System 2012-04-22 03:42:32 UTC
rpm-4.9.1.3-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 33 Vincent Danen 2013-09-26 19:09:17 UTC
Acknowledgements:

This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team.

