Description
ELSA-2014-1976: rpm security update (IMPORTANT)
[4.11.1-18]
- Add check against malicious CPIO file name size (#1163060)
- Fixes CVE-2014-8118
[4.11.1-17]
- Fix race condition where unchecked data is exposed in the file system (#1163060)
- Fixes CVE-2013-6435
Updated packages
Oracle Linux 7
Oracle Linux x86_64
rpm              4.11.1-18.el7_0
rpm-apidocs      4.11.1-18.el7_0
rpm-build        4.11.1-18.el7_0
rpm-build-libs   4.11.1-18.el7_0
rpm-cron         4.11.1-18.el7_0
rpm-devel        4.11.1-18.el7_0
rpm-libs         4.11.1-18.el7_0
rpm-python       4.11.1-18.el7_0
rpm-sign         4.11.1-18.el7_0
Related CVEs
Related vulnerabilities
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.