-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : rpm SUMMARY : RPM query vulnerability DATE : 2001-11-27 16:34:00 ID : CLA-2001:440 RELEVANT RELEASES : 7.0 - ------------------------------------------------------------------------- DESCRIPTION The RPM Package Manager (RPM) is the package management system used to distribute and install software by Conectiva Linux. zen-parse found[1] a vulnerability[2] in rpm wich allows an attacker to execute arbitrary code when an adultered rpm package is queried. A malicious user could exploit this vulnerability by sending a carefully crafted rpm package to the printing system, which will query the package to extract the information to print and will execute arbitrary code choosen by the attacker with the privileges of the lp user. Another situation is an administrator or any other user querying such a package to extract information (using rpm -qpi for example) and inadvertently executing arbitrary code from the attacker. SOLUTION All users should upgrade. We would like to thank Jeff Johnson <jbjat_private> for providing the patch to fix this vulnerability. REFERENCES: 1. http://www.securityfocus.com/archive/1/222542 2. http://www.securityfocus.com/bid/3472 DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/rpm-4.0.2-28U70_1cl.src.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/librpm-4.0.2-28U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/librpmbuild-4.0.2-28U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/popt-1.6.2-28U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/popt-devel-1.6.2-28U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/popt-devel-static-1.6.2-28U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/popt-doc-1.6.2-28U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/python-rpm-4.0.2-28U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-4.0.2-28U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-build-4.0.2-28U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-devel-4.0.2-28U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-devel-static-4.0.2-28U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm-doc-4.0.2-28U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rpm2cpio-4.0.2-28U70_1cl.i386.rpm ADDITIONAL INSTRUCTIONS Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades of RPM packages: - add the following line to /etc/apt/sources.list if it is not there yet (you may also use linuxconf to do this): rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates (replace 6.0 with the correct version number if you are not running CL6.0) - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en - ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en - ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en - ------------------------------------------------------------------------- subscribe: conectiva-updates-subscribeat_private unsubscribe: conectiva-updates-unsubscribeat_private -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8A9ze42jd0JmAcZARAgH5AKDtdGRkNRLl7k7G+EJaXnYS3k6XngCfQ5SW fzzyZ0ZhztHpL3HObZvgCzQ= =J5j9 -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Tue Nov 27 2001 - 13:20:43 PST