
4.274. rpm

Updated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Security Fix

CVE-2012-0060, CVE-2012-0061, CVE-2012-0815
Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code.
Note: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially-crafted RPM package to execute arbitrary code before its digital signature has been verified. Package downloads from the Red Hat Network are protected by the use of a secure HTTPS connection in addition to the RPM package signature checks.
All RPM users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.
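One way to find the processes that still need that restart, as an added example that is not part of the Red Hat advisory: it scans each `/proc/<pid>/maps` for librpm libraries that the kernel marks `(deleted)`, which is how a mapping of a file replaced on disk appears. The function name and its optional proc-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): list processes that still map a
# librpm library file replaced on disk, i.e. ones that need a restart.
# Assumption: the optional first argument is an alternate proc root, for testing.

stale_librpm_pids() (
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # unmatched glob or no permission
        pid="${maps%/maps}"
        pid="${pid##*/}"
        # A mapping of an unlinked file ends in "(deleted)". Match librpm,
        # librpmio and versioned names such as librpm-4.4.so, and print
        # each stale library once per process as "PID<TAB>path".
        awk -v pid="$pid" '
            $NF == "(deleted)" && $(NF-1) ~ "/librpm[^/]*[.]so[^/]*$" {
                if (!seen[$(NF-1)]++) print pid "\t" $(NF-1)
            }' "$maps" 2>/dev/null || continue   # process exited mid-scan
    done | sort -n
)
```

Call `stale_librpm_pids` as root after installing the update so that every process's maps file is readable; each PID printed belongs to a process still running the old library code.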
Updated rpm packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
The RPM Package Manager (RPM) is a powerful command line driven package management system that can install, uninstall, verify, query and update software packages.

Bug Fixes

BZ#651951
Prior to this update, RPM did not allow for self-conflicts. As a result, a package could not be installed if a conflict was added against the name of this package. With this update, self-conflicts are permitted, and such packages can now be installed as expected.
BZ#674348
The rpm2cpio.sh utility was omitted when RPM switched the default compression format for the package payload to xz. As a consequence, the utility was not able to extract files. This update adds the xz support for rpm2cpio.sh and the utility now extracts files successfully.
BZ#705115
Prior to this update, when installing a package containing the same files as an already installed package, the file with the less preferred architecture was overwritten silently even if the file was not a binary. With this update, only binary files can overwrite other binary files; conflicting non-identical and non-binary files print an error message.
BZ#705993
Previously, files that were listed in the spec file with the %defattr(-) directive did not keep the attributes they had in the build root. With this update, RPM has been modified to keep these attributes.
BZ#707449
Prior to this update, signing packages that had already been signed with the same key could cause the entire signing process to abort. With this update, RPM is modified so that packages with identical signatures are skipped and the others are signed.
BZ#721363
Prior to this update, passing packages with a broken signature could cause the librpm library to crash. The source code has been revised and broken signatures are now rejected.

Enhancement

BZ#680889
Previously, importing GPG keys that had already been imported before could cause RPM to fail with an error message. RPM has been modified and now imports the keys successfully.
All users of RPM are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.