OVMSA-2016-0077

OVMSA-2016-0077 - rpm security update

Type: SECURITY
Impact: NA
Release Date: 2016-06-20

Description


[4.4.2.3-36.0.1]
- Add missing files in /usr/share/doc/

[4.8.0-36]
- Fix warning when applying the patch for #1163057

[4.8.0-35]
- Fix race condition where unchecked data is exposed in the file system
  (CVE-2013-6435) (#1163057)

[4.4.2.3-34]
- Fix segfault on rpmdb addition when header unload fails (#706935)
- Fix segfault on invalid OpenPGP packet (#743203)

[4.4.2.3-33]
- Account for excludes and hardlinks wrt payload max size (#716853)
- Fix payload size tag generation on big-endian systems (#648516)

[4.4.2.3-32]
- Track all install failures within a transaction (#671194)

[4.4.2.3-31]
- fix changelog (bug #707677 is actually #808547)

[4.4.2.3-30]
- Document -D and -E options in man page (#814602)
- Require matching arch for freshen on colored transactions (#813282)

[4.4.2.3-29]
- Add DWARF 3 and 4 support to debugedit (#808547)
- No longer add \n to group tag in Python bindings (#783451)
- Fix typos in Japanese rpm man page (#760552)
- Bump Geode compatibility up to i686 (#620570)

[4.4.2.3-28]
- Proper region tag validation on package/header read (CVE-2012-0060)
- Double-check region size against header size (CVE-2012-0061)
- Validate negated offsets too in headerVerifyInfo() (CVE-2012-0815)

[4.4.2.3-27]
- Revert fix for #740291, too many packages rely on the broken behavior

[4.4.2.3-26]
- Add support for XZ-compressed sources and patches to rpmbuild (#620674)
- Avoid unnecessary assert-death when closing NULL fd (#573043)
- Add scriptlet error notification callbacks (#533831)

[4.4.2.3-25]
- Honor --noscripts for pre- and posttrans scriptlets too (#740345)
- Avoid bogus error on printing empty ds from python (#628883)
- File conflicts correctness & consistency fixes (#740291)
- Create the directory used for transaction lock if necessary (#510469)
- Only enforce default umask during transaction (#673821)

[4.4.2.3-24]
- fix thinko in the CVE backport

[4.4.2.3-23]
- fix CVE-2011-3378 (#742157)

[4.4.2.3-22]
- accept windows cr/lf line endings in gpg keys (#530212)

[4.4.2.3-21]
- Backport multilib ordering fixes from rpm 4.8.x (#641892)


Related CVEs


CVE-2012-0060
CVE-2012-0815
CVE-2013-6435
CVE-2012-0061

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| --- | --- | --- | --- | --- |
| Oracle VM 3.2 (x86_64) | rpm-4.4.2.3-36.0.1.el5_11.src.rpm | d0ae970e59fa28a121a1b680d95fbaad8af8148b6253a2fb44c28b777ef986f3 | OVMBA-2018-0189 | ovm3_3.2.1_x86_64_patch |
| | popt-1.10.2.3-36.0.1.el5_11.x86_64.rpm | 38c5a6db311c47341e4483e63dabf7b65c1457ab434a27efb2cd8df33ebf4083 | - | ovm3_3.2.1_x86_64_patch |
| | rpm-4.4.2.3-36.0.1.el5_11.x86_64.rpm | 8d7da0e1e493dd2522c6d9f0034b8a6e68b6f4e04c72d52bdc95b0a5513b8a74 | OVMBA-2018-0189 | ovm3_3.2.1_x86_64_patch |
| | rpm-libs-4.4.2.3-36.0.1.el5_11.x86_64.rpm | e4e5a8db593006ba47a9503f604b6623e5b3118a33a8267f173b1e98343acda6 | OVMBA-2018-0189 | ovm3_3.2.1_x86_64_patch |
| | rpm-python-4.4.2.3-36.0.1.el5_11.x86_64.rpm | a971f00bf327d35bb8d0314f3bfcc9fb242cea5372c0fc12239d5a5b097e86f3 | OVMBA-2018-0189 | ovm3_3.2.1_x86_64_patch |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.