Bug 410949 (CVE-2012-0060) - <app-arch/rpm-4.9.1.3: Multiple vulnerabilities (CVE-2012-{0060,0061,0815})
Status: RESOLVED FIXED
Alias: CVE-2012-0060
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Reported: 2012-04-05 20:51 UTC by Tim Sammut (RETIRED)
Modified: 2012-06-24 23:08 UTC

Description Tim Sammut (RETIRED) gentoo-dev 2012-04-05 20:51:58 UTC
Three vulnerabilities have been found in rpm.

CVE-2012-0815 incorrect handling of negated offsets in
headerVerifyInfo()
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=6fc6b45bf9fef0f17a2900c6c5198bda5e50d09e

CVE-2012-0060 insufficient validation of region tags
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29

CVE-2012-0061 improper validation of header contents total size in
headerLoad()
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6
Comment 1 Tomáš Chvátal (RETIRED) gentoo-dev 2012-06-01 13:59:25 UTC
Added 4.9.1.3 which fixes this stuff.
Comment 2 Tomáš Chvátal (RETIRED) gentoo-dev 2012-06-01 14:01:14 UTC
@arches:

Please stabilise and test app-arch/rpm-4.9.1.3.

The only problem is with the maintainer mode, which all rpm versions suffer from and which I have no clue how to fix. If you figure that out, please feel free to patch it :-)
Comment 3 Agostino Sarubbo gentoo-dev 2012-06-02 13:37:43 UTC
amd64 stable
Comment 4 Markus Meier gentoo-dev 2012-06-03 18:43:22 UTC
arm stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2012-06-04 09:11:08 UTC
Stable for HPPA.
Comment 6 Thomas Kahle (RETIRED) gentoo-dev 2012-06-04 14:44:13 UTC
x86 stable
Comment 7 Brent Baude (RETIRED) gentoo-dev 2012-06-06 14:08:24 UTC
ppc64 done
Comment 8 Brent Baude (RETIRED) gentoo-dev 2012-06-08 18:00:48 UTC
ppc done
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 18:54:24 UTC
CVE-2012-0815 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0815):
  The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows
  remote attackers to cause a denial of service (crash) and possibly execute
  arbitrary code via a negative value in a region offset of a package header,
  which is not properly handled in a numeric range comparison.

CVE-2012-0061 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0061):
  The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not
  properly validate region tags, which allows user-assisted remote attackers
  to cause a denial of service (crash) and possibly execute arbitrary code via
  a large region size in a package header.

CVE-2012-0060 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0060):
  RPM before 4.9.1.3 does not properly validate region tags, which allows
  remote attackers to cause a denial of service (crash) and possibly execute
  arbitrary code via an invalid region tag in a package header to the (1)
  headerLoad, (2) rpmReadSignature, or (3) headerVerify function.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2012-06-23 17:09:23 UTC
alpha/ia64/s390/sh/sparc stable
Comment 11 Sean Amoss (RETIRED) gentoo-dev Security 2012-06-23 19:36:27 UTC
Thanks, everyone. Appending to existing GLSA draft.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2012-06-24 23:08:47 UTC
This issue was resolved and addressed in
 GLSA 201206-26 at http://security.gentoo.org/glsa/glsa-201206-26.xml
by GLSA coordinator Sean Amoss (ackle).