Oracle Errata SystemOracle Linux5.32021-09-09T12:48:22
OVMSA-2016-0077: rpm security update (NA)
Oracle Linux 5
[4.4.2.3-36.0.1]
- Add missing files in /usr/share/doc/
[4.8.0-36]
- Fix warning when applying the patch for #1163057
[4.8.0-35]
- Fix race condidition where unchecked data is exposed in the file system
(CVE-2013-6435)(#1163057)
[4.4.2.3-34]
- Fix segfault on rpmdb addition when header unload fails (#706935)
- Fix segfault on invalid OpenPGP packet (#743203)
[4.4.2.3-33]
- Account for excludes and hardlinks wrt payload max size (#716853)
- Fix payload size tag generation on big-endian systems (#648516)
[4.4.2.3-32]
- Track all install failures within a transaction (#671194)
[4.4.2.3-31]
- fix changelog (bug #707677 is actually #808547)
[4.4.2.3-30]
- Document -D and -E options in man page (#814602)
- Require matching arch for freshen on colored transactions (#813282)
[4.4.2.3-29]
- Add DWARF 3 and 4 support to debugedit (#808547)
- No longer add \n to group tag in Python bindings (#783451)
- Fix typos in Japanese rpm man page (#760552)
- Bump Geode compatibility up to i686 (#620570)
[4.4.2.3-28]
- Proper region tag validation on package/header read (CVE-2012-0060)
- Double-check region size against header size (CVE-2012-0061)
- Validate negated offsets too in headerVerifyInfo() (CVE-2012-0815)
[4.4.2.3-27]
- Revert fix for #740291, too many packages rely on the broken behavior
[4.4.2.3-26]
- Add support for XZ-compressed sources and patches to rpmbuild (#620674)
- Avoid unnecessary assert-death when closing NULL fd (#573043)
- Add scriptlet error notification callbacks (#533831)
[4.4.2.3-25]
- Honor --noscripts for pre- and posttrans scriptlets too (#740345)
- Avoid bogus error on printing empty ds from python (#628883)
- File conflicts correctness & consistency fixes (#740291)
- Create the directory used for transaction lock if necessary (#510469)
- Only enforce default umask during transaction (#673821)
[4.4.2.3-24]
- fix thinko in the CVE backport
[4.4.2.3-23]
- fix CVE-2011-3378 (#742157)
[4.4.2.3-22]
- accept windows cr/lf line endings in gpg keys (#530212)
[4.4.2.3-21]
- Backport multilib ordering fixes from rpm 4.8.x (#641892)
N/ACopyright 2016 Oracle, Inc.CVE-2012-0060CVE-2012-0061CVE-2012-0815CVE-2013-6435rpm-libspoptrpmrpm-pythonoraclelinux-release66ced3de1e5e0159^5ia640:1.10.2.3-36.0.1.el5_110:4.4.2.3-36.0.1.el5_11x86_64i386