rpm-4.8.0-19.1.0.1.AXS4
エラータID: AXSA:2012-489:02
Release date:
Friday, April 13, 2012 - 14:52
Subject:
rpm-4.8.0-19.1.0.1.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
The RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling,c verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package like its version, a description, etc.
Security issues fixed with this release:
CVE-2012-0060
CVE-2012-0061
CVE-2012-0815
No description available at the time of writing, please check the links below.
Solution:
Update packages.
CVEs:
CVE-2012-0060
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.
CVE-2012-0061
The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.
The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.
CVE-2012-0815
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.
Additional Info:
N/A
Download:
SRPMS
- rpm-4.8.0-19.1.0.1.AXS4.src.rpm
MD5: 3b9205f5862c9f0b6d96d68a35dd7cea
SHA-256: 8aa5a16258ff08e5375780406d93ff031931b03e256a8748f227c836558f780e
Size: 3.59 MB
Asianux Server 4 for x86
- rpm-4.8.0-19.1.0.1.AXS4.i686.rpm
MD5: c859b28682f42e2eea5741695e3d8d80
SHA-256: 2c4e5ed28e617f23a474ffa1908be77b2e5a00d9a6c02c4b8cc66aac18014004
Size: 896.95 kB - rpm-build-4.8.0-19.1.0.1.AXS4.i686.rpm
MD5: 172bc0ebbec5a0a93cbc77907b691e80
SHA-256: 64e800afc0c1e4ab09e456a57d6891948e57437b34032d929f26e2434bf42732
Size: 124.64 kB - rpm-devel-4.8.0-19.1.0.1.AXS4.i686.rpm
MD5: 0b6a26b165cd1848dc13a01951e5da48
SHA-256: 049d33c243fd4e536224921d10a44c36d2b4cbe42ad2a1ade6514818074828de
Size: 89.69 kB - rpm-libs-4.8.0-19.1.0.1.AXS4.i686.rpm
MD5: 6164c50cf46806d15d6d2ae36f5112ab
SHA-256: 43f1031232e011bb1afbac44c4918cc4b1ddfe2650cf2be0679fd9e2f90753a6
Size: 311.11 kB - rpm-python-4.8.0-19.1.0.1.AXS4.i686.rpm
MD5: 54d39c40e5c37f3e806f2c632abdfd52
SHA-256: ab7ff1c28d2556cb40fb2882d1375a0f808fac265d515de65cd1f7e9bedd84fc
Size: 52.02 kB
Asianux Server 4 for x86_64
- rpm-4.8.0-19.1.0.1.AXS4.x86_64.rpm
MD5: 14cc1a486565466b8f1e5c313f804389
SHA-256: bc30b3c04b9d83980bd460e36671b58c7a1e1006ff75c3fd26844ffb2196debe
Size: 897.59 kB - rpm-build-4.8.0-19.1.0.1.AXS4.x86_64.rpm
MD5: 1f0c24f05d4104d256a1078185adf51f
SHA-256: 6eaf6b3f1b1846f2c890a2afc238f57d5af3a765828453776a952860ccf434ce
Size: 123.36 kB - rpm-devel-4.8.0-19.1.0.1.AXS4.x86_64.rpm
MD5: 5e4e65025a90fa3d9fec63c71a2113a2
SHA-256: 78e75375491af2a74d6f85f1c8dcc0f65a19cdb3859d7b3d126af72e4dbea1db
Size: 89.55 kB - rpm-libs-4.8.0-19.1.0.1.AXS4.x86_64.rpm
MD5: bb4f06f766fcb20c8b52d93e00b12793
SHA-256: 81134bca9ffc79888f189e72970b513100aec1e21a7bea84ca55564104b0f574
Size: 308.06 kB - rpm-python-4.8.0-19.1.0.1.AXS4.x86_64.rpm
MD5: 9cc006aba22353bc1526c10a45cb460e
SHA-256: 436cff713aeeadedf8f7e6e2edcf1d6ffe2fb9ab9adebd9bdc20aee1a1fca724
Size: 52.75 kB - rpm-devel-4.8.0-19.1.0.1.AXS4.i686.rpm
MD5: 0b6a26b165cd1848dc13a01951e5da48
SHA-256: 049d33c243fd4e536224921d10a44c36d2b4cbe42ad2a1ade6514818074828de
Size: 89.69 kB - rpm-libs-4.8.0-19.1.0.1.AXS4.i686.rpm
MD5: 6164c50cf46806d15d6d2ae36f5112ab
SHA-256: 43f1031232e011bb1afbac44c4918cc4b1ddfe2650cf2be0679fd9e2f90753a6
Size: 311.11 kB
日本語