Joined: 12 May 2004
|Posted: Sun Jun 24, 2012 11:26 pm Post subject: [ GLSA 201206-26 ] RPM: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: RPM: Multiple vulnerabilities (GLSA 201206-26)
Exploitable: local, remote
Date: June 24, 2012
Bug(s): #335880, #384967, #410949
Multiple vulnerabilities have been found in RPM, possibly allowing
local attackers to gain elevated privileges or remote attackers to execute
The Red Hat Package Manager (RPM) is a command line driven package
management system capable of installing, uninstalling, verifying,
querying, and updating computer software packages.
Vulnerable: < 184.108.40.206
Unaffected: >= 220.127.116.11
Architectures: All supported architectures
Multiple vulnerabilities have been found in RPM:
- fsm.c fails to properly strip setuid and setgid bits from executable
files during a package upgrade (CVE-2010-2059).
- RPM does not properly parse spec files (CVE-2010-2197).
- fsm.c fails to properly strip POSIX file capabilities from executable
files during a package upgrade or removal (CVE-2010-2198).
- fsm.c fails to properly strip POSIX ACLs from executable files during
a package upgrade or removal (CVE-2010-2199).
- header.c does not properly parse region offsets in package files
- RPM does not properly sanitize region tags in package headers
- RPM does not properly sanitize region sizes in package headers
- RPM does not properly sanitize region offsets in package
A local attacker may be able to gain elevated privileges. Furthermore, a
remote attacker could entice a user to open a specially crafted RPM
package, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All RPM users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/rpm-18.104.22.168"