OVMSA-2016-0077 - rpm security update
| Type: | SECURITY |
| Severity: | NA |
| Release Date: | 2016-06-20 |
Description
[4.4.2.3-36.0.1]
- Add missing files in /usr/share/doc/
[4.8.0-36]
- Fix warning when applying the patch for #1163057
[4.8.0-35]
- Fix race condidition where unchecked data is exposed in the file system
(CVE-2013-6435)(#1163057)
[4.4.2.3-34]
- Fix segfault on rpmdb addition when header unload fails (#706935)
- Fix segfault on invalid OpenPGP packet (#743203)
[4.4.2.3-33]
- Account for excludes and hardlinks wrt payload max size (#716853)
- Fix payload size tag generation on big-endian systems (#648516)
[4.4.2.3-32]
- Track all install failures within a transaction (#671194)
[4.4.2.3-31]
- fix changelog (bug #707677 is actually #808547)
[4.4.2.3-30]
- Document -D and -E options in man page (#814602)
- Require matching arch for freshen on colored transactions (#813282)
[4.4.2.3-29]
- Add DWARF 3 and 4 support to debugedit (#808547)
- No longer add \n to group tag in Python bindings (#783451)
- Fix typos in Japanese rpm man page (#760552)
- Bump Geode compatibility up to i686 (#620570)
[4.4.2.3-28]
- Proper region tag validation on package/header read (CVE-2012-0060)
- Double-check region size against header size (CVE-2012-0061)
- Validate negated offsets too in headerVerifyInfo() (CVE-2012-0815)
[4.4.2.3-27]
- Revert fix for #740291, too many packages rely on the broken behavior
[4.4.2.3-26]
- Add support for XZ-compressed sources and patches to rpmbuild (#620674)
- Avoid unnecessary assert-death when closing NULL fd (#573043)
- Add scriptlet error notification callbacks (#533831)
[4.4.2.3-25]
- Honor --noscripts for pre- and posttrans scriptlets too (#740345)
- Avoid bogus error on printing empty ds from python (#628883)
- File conflicts correctness & consistency fixes (#740291)
- Create the directory used for transaction lock if necessary (#510469)
- Only enforce default umask during transaction (#673821)
[4.4.2.3-24]
- fix thinko in the CVE backport
[4.4.2.3-23]
- fix CVE-2011-3378 (#742157)
[4.4.2.3-22]
- accept windows cr/lf line endings in gpg keys (#530212)
[4.4.2.3-21]
- Backport multilib ordering fixes from rpm 4.8.x (#641892)
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle VM 3.2 (x86_64) | rpm-4.4.2.3-36.0.1.el5_11.src.rpm | 5e87934a511c800894be0e8a72654ebc | OVMBA-2018-0189 |
| popt-1.10.2.3-36.0.1.el5_11.x86_64.rpm | 0ff3c31a486ce757378434036ff1eea2 | - |
| rpm-4.4.2.3-36.0.1.el5_11.x86_64.rpm | bed8bcaedf09d131432857b4af5d428c | OVMBA-2018-0189 |
| rpm-libs-4.4.2.3-36.0.1.el5_11.x86_64.rpm | 0428c7704589484da34ca20923d15a66 | OVMBA-2018-0189 |
| rpm-python-4.4.2.3-36.0.1.el5_11.x86_64.rpm | 8acb62be05bbb38022c54e23fa286dee | OVMBA-2018-0189 |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
