Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Scientific Linux: Key RPM Security Update for SL5.x & SL6.x - Major Flaws

Scientific Large Esm H446
Important: rpm security update
Date: Tue, 3 Apr 2012 08:32:06 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
curl-7.19.7-26.el6_2.4.i686.rpm
libcurl-7.19.7-26.el6_2.4.i686.rpm
libcurl-devel-7.19.7-26.el6_2.4.i686.rpm
libssh2-1.2.2-7.el6_2.3.i686.rpm
libssh2-devel-1.2.2-7.el6_2.3.i686.rpm
libssh2-docs-1.2.2-7.el6_2.3.i686.rpm
ruby-1.8.7.352-7.el6_2.i686.rpm
ruby-devel-1.8.7.352-7.el6_2.i686.rpm
ruby-docs-1.8.7.352-7.el6_2.i686.rpm
ruby-irb-1.8.7.352-7.el6_2.i686.rpm
ruby-libs-1.8.7.352-7.el6_2.i686.rpm
ruby-rdoc-1.8.7.352-7.el6_2.i686.rpm
ruby-ri-1.8.7.352-7.el6_2.i686.rpm
ruby-static-1.8.7.352-7.el6_2.i686.rpm
ruby-tcltk-1.8.7.352-7.el6_2.i686.rpm

x86_64:
curl-7.19.7-26.el6_2.4.x86_64.rpm
libcurl-7.19.7-26.el6_2.4.i686.rpm
libcurl-7.19.7-26.el6_2.4.x86_64.rpm
libcurl-devel-7.19.7-26.el6_2.4.i686.rpm
libcurl-devel-7.19.7-26.el6_2.4.x86_64.rpm
libssh2-1.2.2-7.el6_2.3.i686.rpm
libssh2-1.2.2-7.el6_2.3.x86_64.rpm
libssh2-devel-1.2.2-7.el6_2.3.i686.rpm
libssh2-devel-1.2.2-7.el6_2.3.x86_64.rpm
libssh2-docs-1.2.2-7.el6_2.3.x86_64.rpm
ruby-1.8.7.352-7.el6_2.x86_64.rpm
ruby-devel-1.8.7.352-7.el6_2.i686.rpm
ruby-devel-1.8.7.352-7.el6_2.x86_64.rpm
ruby-docs-1.8.7.352-7.el6_2.x86_64.rpm
ruby-irb-1.8.7.352-7.el6_2.x86_64.rpm
ruby-libs-1.8.7.352-7.el6_2.i686.rpm
ruby-libs-1.8.7.352-7.el6_2.x86_64.rpm
ruby-rdoc-1.8.7.352-7.el6_2.x86_64.rpm
ruby-ri-1.8.7.352-7.el6_2.x86_64.rpm
ruby-static-1.8.7.352-7.el6_2.x86_64.rpm
ruby-tcltk-1.8.7.352-7.el6_2.x86_64.rpm
Date: Wed, 4 Apr 2012 12:17:37 -0500
Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Sender: Security Errata for Scientific Linux
 
From: Patrick Riehecky 
Subject: Security ERRATA Important: rpm on SL5.x, SL6.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis: Important: rpm security update
Issue Date: 2012-04-03
CVE Numbers: CVE-2012-0815
 CVE-2012-0060
 CVE-2012-0061

The RPM Package Manager (RPM) is a command-line driven package management
system capable of installing, uninstalling, verifying, querying, and
updating software packages.

Multiple flaws were found in the way RPM parsed package file headers. An
attacker could create a specially-crafted RPM package that, when its
package header was accessed, or during package signature verification,
could cause an application using the RPM library (such as the rpm command
line tool, or the yum and up2date package managers) to crash or,
potentially, execute arbitrary code. (CVE-2012-0060, CVE-2012-0061,
CVE-2012-0815)

Note: Although an RPM package can, by design, execute arbitrary code when
installed, this issue would allow a specially-crafted RPM package to
execute arbitrary code before its digital signature has been verified.

All RPM users should upgrade to these updated packages, which contain a
backported patch to correct these issues. All running applications linked
against the RPM library must be restarted for this update to take effect.

SL5:
 i386
 popt-1.10.2.3-28.el5_8.i386.rpm
 rpm-4.4.2.3-28.el5_8.i386.rpm
 rpm-apidocs-4.4.2.3-28.el5_8.i386.rpm
 rpm-build-4.4.2.3-28.el5_8.i386.rpm
 rpm-debuginfo-4.4.2.3-28.el5_8.i386.rpm
 rpm-devel-4.4.2.3-28.el5_8.i386.rpm
 rpm-libs-4.4.2.3-28.el5_8.i386.rpm
 rpm-python-4.4.2.3-28.el5_8.i386.rpm
 x86_64
 popt-1.10.2.3-28.el5_8.i386.rpm
 popt-1.10.2.3-28.el5_8.x86_64.rpm
 rpm-4.4.2.3-28.el5_8.x86_64.rpm
 rpm-apidocs-4.4.2.3-28.el5_8.x86_64.rpm
 rpm-build-4.4.2.3-28.el5_8.x86_64.rpm
 rpm-debuginfo-4.4.2.3-28.el5_8.i386.rpm
 rpm-debuginfo-4.4.2.3-28.el5_8.x86_64.rpm
 rpm-devel-4.4.2.3-28.el5_8.i386.rpm
 rpm-devel-4.4.2.3-28.el5_8.x86_64.rpm
 rpm-libs-4.4.2.3-28.el5_8.i386.rpm
 rpm-libs-4.4.2.3-28.el5_8.x86_64.rpm
 rpm-python-4.4.2.3-28.el5_8.x86_64.rpm
SL6:
 i386
 rpm-4.8.0-19.el6_2.1.i686.rpm
 rpm-build-4.8.0-19.el6_2.1.i686.rpm
 rpm-debuginfo-4.8.0-19.el6_2.1.i686.rpm
 rpm-devel-4.8.0-19.el6_2.1.i686.rpm
 rpm-libs-4.8.0-19.el6_2.1.i686.rpm
 rpm-python-4.8.0-19.el6_2.1.i686.rpm
 noarch
 rpm-apidocs-4.8.0-19.el6_2.1.noarch.rpm
 rpm-cron-4.8.0-19.el6_2.1.noarch.rpm
 x86_64
 rpm-4.8.0-19.el6_2.1.x86_64.rpm
 rpm-build-4.8.0-19.el6_2.1.x86_64.rpm
 rpm-debuginfo-4.8.0-19.el6_2.1.i686.rpm
 rpm-debuginfo-4.8.0-19.el6_2.1.x86_64.rpm
 rpm-devel-4.8.0-19.el6_2.1.i686.rpm
 rpm-devel-4.8.0-19.el6_2.1.x86_64.rpm
 rpm-libs-4.8.0-19.el6_2.1.i686.rpm
 rpm-libs-4.8.0-19.el6_2.1.x86_64.rpm
 rpm-python-4.8.0-19.el6_2.1.x86_64.rpm

- Scientific Linux Development Team