Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201206-26 ] RPM: Multiple vulnerabilities
Date: Sun, 24 Jun 2012 23:13:50
Message-Id: 4FE79C4E.4070007@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201206-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: RPM: Multiple vulnerabilities
      Date: June 24, 2012
      Bugs: #335880, #384967, #410949
        ID: 201206-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in RPM, possibly allowing
local attackers to gain elevated privileges or remote attackers to
execute arbitrary code.

Background
==========

The Red Hat Package Manager (RPM) is a command line driven package
management system capable of installing, uninstalling, verifying,
querying, and updating computer software packages.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-arch/rpm               < 4.9.1.3                  >= 4.9.1.3

Description
===========

Multiple vulnerabilities have been found in RPM:

* fsm.c fails to properly strip setuid and setgid bits from executable
  files during a package upgrade (CVE-2010-2059).
* RPM does not properly parse spec files (CVE-2010-2197).
* fsm.c fails to properly strip POSIX file capabilities from executable
  files during a package upgrade or removal (CVE-2010-2198).
* fsm.c fails to properly strip POSIX ACLs from executable files during
  a package upgrade or removal (CVE-2010-2199).
* header.c does not properly parse region offsets in package files
  (CVE-2011-3378).
* RPM does not properly sanitize region tags in package headers
  (CVE-2012-0060).
* RPM does not properly sanitize region sizes in package headers
  (CVE-2012-0061).
* RPM does not properly sanitize region offsets in package headers
  (CVE-2012-0815).
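As an added example (not part of this advisory, of RPM or of Gentoo's tooling), the POSIX shell script below audits a directory tree for the attributes that the fsm.c bugs listed above leave behind when an upgrade or removal fails to strip them: setuid/setgid bits, plus file capabilities where getcap from libcap happens to be installed. The function names, the baseline file format (one path per line) and the usage line are this example's own.

```sh
#!/bin/sh
# Added example, not part of the GLSA or of RPM: audit a directory tree for
# attributes that a buggy rpm upgrade/removal could leave on an executable
# (setuid/setgid bits, POSIX file capabilities). Function names, the baseline
# file format (one path per line) and the usage line are this example's own.

# Print, sorted, every regular file below $1 with the setuid or setgid bit set.
# -xdev keeps the walk on one filesystem so /proc or network mounts are skipped.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Print files below $1 that carry POSIX file capabilities (CVE-2010-2198).
# Needs getcap from libcap; prints nothing when it is not installed.
find_cap_files() {
    if command -v getcap >/dev/null 2>&1; then
        getcap -r "$1" 2>/dev/null | sort
    fi
}

# Compare the setuid/setgid files below $1 with a baseline file $2 recorded on
# a known-good system. Prints every path that is set-id now but absent from
# the baseline and returns 1 if there is at least one, 0 otherwise.
check_against_baseline() {
    tmp=$(mktemp)
    find_setid_files "$1" > "$tmp"
    # comm needs both inputs sorted; find_setid_files already sorts its output
    unexpected=$(sort "$2" | comm -13 - "$tmp")
    rm -f "$tmp"
    if [ -n "$unexpected" ]; then
        printf '%s\n' "$unexpected" | while IFS= read -r f; do
            printf 'unexpected setuid/setgid file: %s\n' "$f"
        done
        return 1
    fi
    return 0
}

# Usage: sh this_script.sh DIR [BASELINE]
# With one argument it lists set-id and capability-bearing files; with two it
# reports deviations from BASELINE. Nothing runs when sourced without arguments.
if [ "$#" -ge 1 ]; then
    if [ "$#" -ge 2 ]; then
        check_against_baseline "$1" "$2"
    else
        find_setid_files "$1"
        find_cap_files "$1"
    fi
fi
```

Run it against /usr/bin (or the whole root filesystem) right after the upgrade and keep the output as the baseline; later runs through check_against_baseline flag any file that has gained a setuid or setgid bit. ACLs (CVE-2010-2199) would need getfacl and are not covered by this script.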

Impact
======

A local attacker may be able to gain elevated privileges. Furthermore,
a remote attacker could entice a user to open a specially crafted RPM
package, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All RPM users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-arch/rpm-4.9.1.3"
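To confirm whether an installed app-arch/rpm falls inside the vulnerable range from the Affected packages table, here is an added POSIX shell example (not Gentoo's, Portage's or RPM's own tooling). It reads the installed version from the Portage package database under /var/db/pkg, compares it component-wise against 4.9.1.3, and handles only purely numeric dotted versions with an optional -rN revision suffix; the function names are this example's own.

```sh
#!/bin/sh
# Added example, not part of the GLSA or of Portage: decide whether an
# installed app-arch/rpm version lies in the vulnerable range "< 4.9.1.3".
# Versions are compared component-wise as integers; a Gentoo "-rN" revision
# suffix is stripped first because a revision of 4.9.1.3 is still >= 4.9.1.3.
# Other suffixes (e.g. _pre, _p) are deliberately rejected rather than guessed.

FIXED_VERSION=4.9.1.3

# Strip a trailing Gentoo revision (-r1, -r2, ...) from a version string.
strip_revision() {
    printf '%s\n' "$1" | sed 's/-r[0-9]*$//'
}

# Compare two dotted versions. Prints -1, 0 or 1 as $1 is <, = or > $2.
# Missing trailing components count as 0, so 4.9.1 equals 4.9.1.0.
# Returns 2 (and prints nothing) on a non-numeric component.
vercmp() {
    # A trailing dot lets ${a%%.*}/${a#*.} peel off one component per step.
    a=$(strip_revision "$1").
    b=$(strip_revision "$2").
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; a=${a#*.}
        y=${b%%.*}; b=${b#*.}
        x=${x:-0}; y=${y:-0}
        case "$x$y" in
            *[!0-9]*) echo "vercmp: unsupported version component" >&2; return 2 ;;
        esac
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return 0; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# True (exit 0) when version $1 is strictly below FIXED_VERSION.
is_vulnerable() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" = "-1" ]
}

# Look up app-arch/rpm in the Portage installed-package database and report.
# Returns 1 if the installed version is vulnerable, 0 otherwise.
check_installed_rpm() {
    for d in /var/db/pkg/app-arch/rpm-*; do
        if [ ! -d "$d" ]; then
            echo "app-arch/rpm is not installed"
            return 0
        fi
        v=${d##*/rpm-}
        if is_vulnerable "$v"; then
            echo "app-arch/rpm-$v is vulnerable (GLSA 201206-26): upgrade to >= $FIXED_VERSION"
            return 1
        fi
        echo "app-arch/rpm-$v is not affected by GLSA 201206-26"
    done
    return 0
}

# Only query the live system when run directly with the "check" argument.
if [ "$1" = "check" ]; then
    check_installed_rpm
fi
```

The same vercmp/is_vulnerable pair works for any GLSA whose table gives a single "< fixed" bound: change FIXED_VERSION and the VDB glob. For version formats beyond numeric dotted releases plus -rN, rely on Portage's own comparison (for example the glsa-check tool from app-portage/gentoolkit) instead of extending this script.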

References
==========

[ 1 ] CVE-2010-2059
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2059
[ 2 ] CVE-2010-2197
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2197
[ 3 ] CVE-2010-2198
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2198
[ 4 ] CVE-2010-2199
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2199
[ 5 ] CVE-2011-3378
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3378
[ 6 ] CVE-2012-0060
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0060
[ 7 ] CVE-2012-0061
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0061
[ 8 ] CVE-2012-0815
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0815

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201206-26.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature