[ MDKSA-2006:200 ] - Updated rpm packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:200
http://www.mandriva.com/security/
_______________________________________________________________________
Package : rpm
Date : November 7, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A heap-based buffer overflow was discovered in librpm when the LANG or
LC_ALL environment variable is set to ru_RU.UTF-8 (and possibly other
locales), which could allow for user-assisted attackers to execute
arbitrary code via crafted RPM packages.
Updated packages have been patched to correct this issue.
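
To check whether a host already runs a patched build, the following added example (not part of the original advisory or of Mandriva's tooling) compares an installed rpm version-release against the fixed builds this advisory ships for each product. It assumes no epoch is set and uses a simplified form of rpm's segment comparison; the host names and installed values are constructed.

```python
import re

# rpm version-release of the fixed builds, per product, from this advisory
# (librpm4.4 carries the same version-release where it is packaged separately).
FIXED_RPM = {
    "2006.0": "4.4.2-4.1.20060mdk",
    "2007.0": "4.4.6-10.1mdv2007.0",
    "Corporate 3.0": "4.2.2-10.1.C30mdk",
    "Corporate 4.0": "4.4.2-4.1.20060mlcs4",
    "Multi Network Firewall 2.0": "4.2.2-7.1.M20mdk",
}

def rpmvercmp(a, b):
    """Classic rpm segment comparison: -1, 0 or 1 (no epoch, no '~' handling)."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        xnum, ynum = x.isdigit(), y.isdigit()
        if xnum and ynum:
            x, y = int(x), int(y)
        elif xnum != ynum:
            return 1 if xnum else -1  # a numeric segment sorts newer than letters
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings, version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_patched(product, installed):
    """True when the installed rpm build is at or above the advisory's fix."""
    return evr_cmp(installed, FIXED_RPM[product]) >= 0

if __name__ == "__main__":
    # Constructed inventory: (host, product, output of
    # rpm -q --qf '%{VERSION}-%{RELEASE}\n' rpm)
    inventory = [
        ("web01", "2006.0", "4.4.2-4mdk"),
        ("web02", "2006.0", "4.4.2-4.1.20060mdk"),
        ("fw01", "Multi Network Firewall 2.0", "4.2.2-7.M20mdk"),
    ]
    for host, product, evr in inventory:
        state = "patched" if is_patched(product, evr) else "NEEDS MDKSA-2006:200"
        print(f"{host:6} {product:28} {evr:22} {state}")
```
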
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5466
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212833
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFUMMrmqjQ0CJFipgRAhcbAKD217NjTUzIQdMQMNuwn+ArN97/2wCgiD8k
zVsJvCAAcp3sDz6y85AH0UA=
=oYei
-----END PGP SIGNATURE-----