OVMSA-2016-0077

OVMSA-2016-0077 - rpm security update

Type: SECURITY
Severity: NA
Release Date: 2016-06-20

Description


[4.4.2.3-36.0.1]
- Add missing files in /usr/share/doc/

[4.8.0-36]
- Fix warning when applying the patch for #1163057

[4.8.0-35]
- Fix race condition where unchecked data is exposed in the file system
(CVE-2013-6435)(#1163057)

[4.4.2.3-34]
- Fix segfault on rpmdb addition when header unload fails (#706935)
- Fix segfault on invalid OpenPGP packet (#743203)

[4.4.2.3-33]
- Account for excludes and hardlinks wrt payload max size (#716853)
- Fix payload size tag generation on big-endian systems (#648516)

[4.4.2.3-32]
- Track all install failures within a transaction (#671194)

[4.4.2.3-31]
- fix changelog (bug #707677 is actually #808547)

[4.4.2.3-30]
- Document -D and -E options in man page (#814602)
- Require matching arch for freshen on colored transactions (#813282)

[4.4.2.3-29]
- Add DWARF 3 and 4 support to debugedit (#808547)
- No longer add \n to group tag in Python bindings (#783451)
- Fix typos in Japanese rpm man page (#760552)
- Bump Geode compatibility up to i686 (#620570)

[4.4.2.3-28]
- Proper region tag validation on package/header read (CVE-2012-0060)
- Double-check region size against header size (CVE-2012-0061)
- Validate negated offsets too in headerVerifyInfo() (CVE-2012-0815)

[4.4.2.3-27]
- Revert fix for #740291, too many packages rely on the broken behavior

[4.4.2.3-26]
- Add support for XZ-compressed sources and patches to rpmbuild (#620674)
- Avoid unnecessary assert-death when closing NULL fd (#573043)
- Add scriptlet error notification callbacks (#533831)

[4.4.2.3-25]
- Honor --noscripts for pre- and posttrans scriptlets too (#740345)
- Avoid bogus error on printing empty ds from python (#628883)
- File conflicts correctness & consistency fixes (#740291)
- Create the directory used for transaction lock if necessary (#510469)
- Only enforce default umask during transaction (#673821)

[4.4.2.3-24]
- fix thinko in the CVE backport

[4.4.2.3-23]
- fix CVE-2011-3378 (#742157)

[4.4.2.3-22]
- accept windows cr/lf line endings in gpg keys (#530212)

[4.4.2.3-21]
- Backport multilib ordering fixes from rpm 4.8.x (#641892)


Related CVEs


CVE-2012-0060
CVE-2012-0061
CVE-2012-0815
CVE-2013-6435

Updated Packages


Release/Architecture    Filename                                       MD5sum                            Superseded By Advisory
Oracle VM 3.2 (x86_64)  rpm-4.4.2.3-36.0.1.el5_11.src.rpm              5e87934a511c800894be0e8a72654ebc  OVMBA-2018-0189
                        popt-1.10.2.3-36.0.1.el5_11.x86_64.rpm         0ff3c31a486ce757378434036ff1eea2  -
                        rpm-4.4.2.3-36.0.1.el5_11.x86_64.rpm           bed8bcaedf09d131432857b4af5d428c  OVMBA-2018-0189
                        rpm-libs-4.4.2.3-36.0.1.el5_11.x86_64.rpm      0428c7704589484da34ca20923d15a66  OVMBA-2018-0189
                        rpm-python-4.4.2.3-36.0.1.el5_11.x86_64.rpm    8acb62be05bbb38022c54e23fa286dee  OVMBA-2018-0189



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.