Package name
rpm
Date
2006-11-07
Advisory ID
MDKSA-2006:200
Affected versions
CS4.0 x86_64 , MNF2.0 i586 , 2006.0 i586 , 2007.0 x86_64 , 2007.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2006.0 x86_64

Problem description

A heap-based buffer overflow was discovered in librpm. It is triggered
when the LANG or LC_ALL environment variable is set to ru_RU.UTF-8 (and
possibly other locales), and could allow user-assisted attackers to
execute arbitrary code via crafted RPM packages. "User-assisted" means
the victim has to process the crafted package themselves.

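Updated packages have been patched to correct this issue. Each entry
below pairs a 32-hex-digit checksum (MD5 length) with the package path.
The checksum helps detect a corrupted download; verify the package
signature as well before installing.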

Updated packages

CS4.0 x86_64

 548bfdd47ad60fca2c30ab19d4bab7b1  corporate/4.0/x86_64/lib64popt0-1.10.2-4.1.20060mlcs4.x86_64.rpm
 98306a9c291d77934c03d7e42e33f0b6  corporate/4.0/x86_64/lib64popt0-devel-1.10.2-4.1.20060mlcs4.x86_64.rpm
 e09894f0501d95e5357e09afc3713a93  corporate/4.0/x86_64/lib64rpm4.4-4.4.2-4.1.20060mlcs4.x86_64.rpm
 c6143376c0afc117022e6a5b83ac9e70  corporate/4.0/x86_64/lib64rpm4.4-devel-4.4.2-4.1.20060mlcs4.x86_64.rpm
 d83c5d8652dbf5e53f98fb1513cda7ca  corporate/4.0/x86_64/popt-data-1.10.2-4.1.20060mlcs4.x86_64.rpm
 acf21af1fb2b3604f3b88bd37615bbd4  corporate/4.0/x86_64/python-rpm-4.4.2-4.1.20060mlcs4.x86_64.rpm
 f2d402a53ebff90949a4b6dc94ec0e0b  corporate/4.0/x86_64/rpm-4.4.2-4.1.20060mlcs4.x86_64.rpm
 40c08ef5cd6a733e8db92f483bc8e119  corporate/4.0/x86_64/rpm-build-4.4.2-4.1.20060mlcs4.x86_64.rpm 
 1270301a80dba2b81e4a0c320fbfbe1c  corporate/4.0/SRPMS/rpm-4.4.2-4.1.20060mlcs4.src.rpm

MNF2.0 i586

 9e79dfbf56472d3c8dc0ab385484845b  mnf/2.0/i586/popt-1.8.2-7.1.M20mdk.i586.rpm
 54eb886096865de5dde3e16a19107d73  mnf/2.0/i586/popt-devel-1.8.2-7.1.M20mdk.i586.rpm
 9f0096674b5fd8f0d4b31606bb72699a  mnf/2.0/i586/rpm-4.2.2-7.1.M20mdk.i586.rpm
 fa1f75f9f0ba9d54adde6aaa1034cab8  mnf/2.0/i586/rpm-build-4.2.2-7.1.M20mdk.i586.rpm
 f9259895086c858a718611b5c34ae452  mnf/2.0/i586/rpm-devel-4.2.2-7.1.M20mdk.i586.rpm
 f4665775866409e8d1aae83cd9feaf9b  mnf/2.0/i586/rpm-python-4.2.2-7.1.M20mdk.i586.rpm 
 d0314a43421e91d5955d8bca0f3d35e0  mnf/2.0/SRPMS/rpm-4.2.2-7.1.M20mdk.src.rpm

2006.0 i586

 b3fe19c583086bcbe6fe1adf8ebd67f9  2006.0/i586/libpopt0-1.10.2-4.1.20060mdk.i586.rpm
 a299990527f43947f04ee849b6ccfe8a  2006.0/i586/libpopt0-devel-1.10.2-4.1.20060mdk.i586.rpm
 530ffd2b719a8a9565ddbd33c73ddc58  2006.0/i586/librpm4.4-4.4.2-4.1.20060mdk.i586.rpm
 52cfd81dc7b1edf2a37a2f473281a456  2006.0/i586/librpm4.4-devel-4.4.2-4.1.20060mdk.i586.rpm
 263429da4f90f2404c7d45f4ed9ab469  2006.0/i586/popt-data-1.10.2-4.1.20060mdk.i586.rpm
 32f2ab6511b34c2483fe08ca510ee185  2006.0/i586/python-rpm-4.4.2-4.1.20060mdk.i586.rpm
 0e1f62683fbc9233fb155e66e50cd405  2006.0/i586/rpm-4.4.2-4.1.20060mdk.i586.rpm
 f8dee8f612d28cdc5a9587289ddbbdd9  2006.0/i586/rpm-build-4.4.2-4.1.20060mdk.i586.rpm 
 5f7eb369ce3e98bf38200249f49ebc51  2006.0/SRPMS/rpm-4.4.2-4.1.20060mdk.src.rpm

2007.0 x86_64

 fff2a71466af9a6e23583a4ea854258c  2007.0/x86_64/lib64popt0-1.10.6-10.1mdv2007.0.x86_64.rpm
 97602d4b17422835e55cafad1883cca5  2007.0/x86_64/lib64popt0-devel-1.10.6-10.1mdv2007.0.x86_64.rpm
 a5d31e5202cee164878500d00134eb3d  2007.0/x86_64/lib64rpm4.4-4.4.6-10.1mdv2007.0.x86_64.rpm
 88c90b1670b128e784fda4290973351d  2007.0/x86_64/lib64rpm4.4-devel-4.4.6-10.1mdv2007.0.x86_64.rpm
 bd74199394643d4ef13829fcd4fb27ab  2007.0/x86_64/perl-RPM-0.66-16.1mdv2007.0.x86_64.rpm
 d73e492a7290a6c12f500aff926c22b2  2007.0/x86_64/popt-data-1.10.6-10.1mdv2007.0.x86_64.rpm
 45dc5f66d45a6f4574f9e59d690e711c  2007.0/x86_64/python-rpm-4.4.6-10.1mdv2007.0.x86_64.rpm
 08b83d32b1eddc88dc39ee095ea15a9b  2007.0/x86_64/rpm-4.4.6-10.1mdv2007.0.x86_64.rpm
 18137bb3a65c0685a013f61f8b8aa173  2007.0/x86_64/rpm-build-4.4.6-10.1mdv2007.0.x86_64.rpm 
 0104fb281a097447faca48e642821df7  2007.0/SRPMS/rpm-4.4.6-10.1mdv2007.0.src.rpm

2007.0 i586

 a75aec8f4db96e061788e150c3fbd3f3  2007.0/i586/libpopt0-1.10.6-10.1mdv2007.0.i586.rpm
 54633d6a05bafe5a2c6d94849810ac75  2007.0/i586/libpopt0-devel-1.10.6-10.1mdv2007.0.i586.rpm
 5aa3a3c773dd1524e28af4a45d6d6e5c  2007.0/i586/librpm4.4-4.4.6-10.1mdv2007.0.i586.rpm
 ac7d8b20b6e3054b062b6ffe3b652b9d  2007.0/i586/librpm4.4-devel-4.4.6-10.1mdv2007.0.i586.rpm
 76a3d169fa999f3a2051152e875b0808  2007.0/i586/perl-RPM-0.66-16.1mdv2007.0.i586.rpm
 edce96423e51a56fe6803d9722a764d6  2007.0/i586/popt-data-1.10.6-10.1mdv2007.0.i586.rpm
 7245317fdbb0e3d8773a75e5da71d796  2007.0/i586/python-rpm-4.4.6-10.1mdv2007.0.i586.rpm
 d52b92cd397740be24a610fb44bea279  2007.0/i586/rpm-4.4.6-10.1mdv2007.0.i586.rpm
 b149eab9008351135d615b4e69d88d78  2007.0/i586/rpm-build-4.4.6-10.1mdv2007.0.i586.rpm 
 0104fb281a097447faca48e642821df7  2007.0/SRPMS/rpm-4.4.6-10.1mdv2007.0.src.rpm

CS3.0 x86_64

 c7f732b381ff418753de9ba382f42a38  corporate/3.0/x86_64/popt-1.8.2-10.1.C30mdk.x86_64.rpm
 9f343b17fa43f66baeb93f44ac8bd3d9  corporate/3.0/x86_64/popt-devel-1.8.2-10.1.C30mdk.x86_64.rpm
 71f374527714fc2e0be45609d7c9e956  corporate/3.0/x86_64/rpm-4.2.2-10.1.C30mdk.x86_64.rpm
 9ca03a9feb16989ee767450a2cedfad3  corporate/3.0/x86_64/rpm-build-4.2.2-10.1.C30mdk.x86_64.rpm
 988521e1ba9007e3e88d7271a2bcc574  corporate/3.0/x86_64/rpm-devel-4.2.2-10.1.C30mdk.x86_64.rpm
 d6071284bb55b081419470a199f92f27  corporate/3.0/x86_64/rpm-python-4.2.2-10.1.C30mdk.x86_64.rpm 
 0c7c6512006a56dcf99f667eb28fadb0  corporate/3.0/SRPMS/rpm-4.2.2-10.1.C30mdk.src.rpm

CS4.0 i586

 60b65100c5078653e358b29b3a70b151  corporate/4.0/i586/libpopt0-1.10.2-4.1.20060mlcs4.i586.rpm
 ab3e365a2f7b6b42e841f265d5c68df8  corporate/4.0/i586/libpopt0-devel-1.10.2-4.1.20060mlcs4.i586.rpm
 e3c3b28c10ae1f448e4f092d7b77b9e5  corporate/4.0/i586/librpm4.4-4.4.2-4.1.20060mlcs4.i586.rpm
 bd659e36ab98b5c97841a82991e42893  corporate/4.0/i586/librpm4.4-devel-4.4.2-4.1.20060mlcs4.i586.rpm
 8a00b925fd10cda6046cac3816efd244  corporate/4.0/i586/popt-data-1.10.2-4.1.20060mlcs4.i586.rpm
 a5af248a596e144895bc57abab04d3ed  corporate/4.0/i586/python-rpm-4.4.2-4.1.20060mlcs4.i586.rpm
 47fdc7ecf5027824b7964c5f5595947e  corporate/4.0/i586/rpm-4.4.2-4.1.20060mlcs4.i586.rpm
 4d3313d1f7d9f5cd5361d344631179a3  corporate/4.0/i586/rpm-build-4.4.2-4.1.20060mlcs4.i586.rpm 
 1270301a80dba2b81e4a0c320fbfbe1c  corporate/4.0/SRPMS/rpm-4.4.2-4.1.20060mlcs4.src.rpm

CS3.0 i586

 2f46b029bb818d93841b37d554d98475  corporate/3.0/i586/popt-1.8.2-10.1.C30mdk.i586.rpm
 52b641b4a54c58524fd8f57f01f5423b  corporate/3.0/i586/popt-devel-1.8.2-10.1.C30mdk.i586.rpm
 c78959edbe4de59934f77d41d050823e  corporate/3.0/i586/rpm-4.2.2-10.1.C30mdk.i586.rpm
 5c6e0c9d68bff54ab4ca8bff92c70f72  corporate/3.0/i586/rpm-build-4.2.2-10.1.C30mdk.i586.rpm
 5740c2383e15dc9fe63c9a39a8f886af  corporate/3.0/i586/rpm-devel-4.2.2-10.1.C30mdk.i586.rpm
 2da1896a1365e8397093cc4a4a315a17  corporate/3.0/i586/rpm-python-4.2.2-10.1.C30mdk.i586.rpm 
 0c7c6512006a56dcf99f667eb28fadb0  corporate/3.0/SRPMS/rpm-4.2.2-10.1.C30mdk.src.rpm

2006.0 x86_64

 bb14640ab8713c5b3f44cd15a6cbfd72  2006.0/x86_64/lib64popt0-1.10.2-4.1.20060mdk.x86_64.rpm
 5d4bd203f9844115a53fee6de190dabd  2006.0/x86_64/lib64popt0-devel-1.10.2-4.1.20060mdk.x86_64.rpm
 f242a162132559012189d600c38e21f3  2006.0/x86_64/lib64rpm4.4-4.4.2-4.1.20060mdk.x86_64.rpm
 4a17a2fd93eb74a639c58138396e8b89  2006.0/x86_64/lib64rpm4.4-devel-4.4.2-4.1.20060mdk.x86_64.rpm
 aac88e00af81aafbda4b0170c87871af  2006.0/x86_64/popt-data-1.10.2-4.1.20060mdk.x86_64.rpm
 3b03bfdd11a0d85fe2a8371b41047672  2006.0/x86_64/python-rpm-4.4.2-4.1.20060mdk.x86_64.rpm
 2f13fe1a05869bbc014872ba94adc651  2006.0/x86_64/rpm-4.4.2-4.1.20060mdk.x86_64.rpm
 ab18d859a504eb187f75c1b4485a2faa  2006.0/x86_64/rpm-build-4.4.2-4.1.20060mdk.x86_64.rpm 
 5f7eb369ce3e98bf38200249f49ebc51  2006.0/SRPMS/rpm-4.4.2-4.1.20060mdk.src.rpm

References