Important: rpm

2014-09-14T15:45:00
ID ALAS-2012-061
Type amazon
Reporter Amazon
Modified 2014-09-14T15:45:00

Description

Issue Overview:

Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code. (CVE-2012-0060 __, CVE-2012-0061 __, CVE-2012-0815 __)

Affected Packages:

rpm

Issue Correction:
Run yum update rpm to update your system.

New Packages:

i686:  
    rpm-python-4.8.0-19.38.amzn1.i686  
    rpm-build-4.8.0-19.38.amzn1.i686  
    rpm-cron-4.8.0-19.38.amzn1.i686  
    rpm-apidocs-4.8.0-19.38.amzn1.i686  
    rpm-libs-4.8.0-19.38.amzn1.i686  
    rpm-4.8.0-19.38.amzn1.i686  
    rpm-devel-4.8.0-19.38.amzn1.i686  
    rpm-debuginfo-4.8.0-19.38.amzn1.i686

src:  
    rpm-4.8.0-19.38.amzn1.src

x86_64:  
    rpm-4.8.0-19.38.amzn1.x86_64  
    rpm-python-4.8.0-19.38.amzn1.x86_64  
    rpm-debuginfo-4.8.0-19.38.amzn1.x86_64  
    rpm-devel-4.8.0-19.38.amzn1.x86_64  
    rpm-cron-4.8.0-19.38.amzn1.x86_64  
    rpm-build-4.8.0-19.38.amzn1.x86_64  
    rpm-apidocs-4.8.0-19.38.amzn1.x86_64  
    rpm-libs-4.8.0-19.38.amzn1.x86_64