
[Full-disclosure] [ MDVSA-2011:143 ] rpm



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:143
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : rpm
 Date    : October 5, 2011
 Affected: 2009.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple flaws were found in the way the RPM library parsed package
 headers. An attacker could create a specially-crafted RPM package that,
 when queried or installed, would cause rpm to crash or, potentially,
 execute arbitrary code (CVE-2011-3378).
 
 Additionally, for Mandriva Linux 2009.0 and Mandriva Linux Enterprise
 Server 5, updated perl-URPM and lzma (xz v5) packages are being provided
 to support upgrading to Mandriva Linux 2011.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3378
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOjHw1mqjQ0CJFipgRAmhYAJoCELWnwS7tgXwMikryTp7aBGHBSgCglC+q
FzkgbuCVJvM+cAouZUfpbJk=
=XKgy
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
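
The advisory says MandrivaUpdate and urpmi verify md5 checksums automatically; for packages fetched by hand, the same check can be done against a checksum listing. This is an added example, not part of the advisory or of Mandriva's tooling: it assumes a listing of `<md5>  <path>` entries (some wrapped onto two lines), and all file names and contents in `demo()` are constructed. A matching MD5 only shows the file equals what the listing names; authenticity still rests on the GPG signatures.

```python
import hashlib
import re
import tempfile
from pathlib import Path

def parse_manifest(text):
    """Return {listed_path: md5}; also accepts entries wrapped so that the
    path sits on the line after the digest."""
    entries, pending = {}, None
    for line in text.splitlines():
        parts = line.split()
        if parts and re.fullmatch(r"[0-9a-f]{32}", parts[0]):
            # Keyed by listed path: a file name can recur under other directories.
            pending = parts[0] if len(parts) == 1 else None
            if len(parts) > 1:
                entries[parts[1]] = parts[0]
        elif pending and len(parts) == 1:
            entries[parts[0]], pending = pending, None
        else:
            pending = None  # blank line or heading
    return entries

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(manifest, root):
    """Map each listed path to 'ok', 'mismatch' or 'missing' under root."""
    out = {}
    for rel, want in manifest.items():
        f = Path(root) / rel
        out[rel] = "missing" if not f.is_file() else (
            "ok" if md5_of(f) == want else "mismatch")
    return out

def demo():
    """Constructed files and listing; every name and digest is made up."""
    files = {"relA/i586/pkg-1.0.rpm": b"build A", "relB/i586/pkg-1.0.rpm": b"build B",
             "relA/i586/tool-2.0.rpm": b"original"}
    with tempfile.TemporaryDirectory() as root:
        listing = " Release A:\n " + "0" * 32 + "  relA/i586/absent-3.0.rpm\n"
        for rel, data in files.items():
            (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(root) / rel).write_bytes(data)
            listing += f" {hashlib.md5(data).hexdigest()}  \n{rel}\n"  # wrapped entry
        (Path(root) / "relA/i586/tool-2.0.rpm").write_bytes(b"altered")
        return verify(parse_manifest(listing), root)
```

`demo()` reports the two same-named packages under different release directories separately, flags the altered file as a mismatch and the absent one as missing.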