SUSE-SU-2012:0880-1: moderate: Security update for RPM

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Jul 16 11:08:33 MDT 2012 

   SUSE Security Update: Security update for RPM
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0880-1
Rating:             moderate
References:         #747225 #754281 #754284 #754285 
Cross-References:   CVE-2012-0060 CVE-2012-0061 CVE-2012-0815
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   errata is now available.

Description:


   Multiple security vulnerabilities were reported in RPM
   which could have  been exploited via specially crafted RPM
   files to cause a denial of service  (application crash) or
   potentially allow attackers to execute arbitrary  code.

   Additionally, a non-security issue was fixed that could
   cause a division by  zero in cycles calculation under rare
   circumstances.

   Security Issue references:

   * CVE-2012-0815
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0815
   >
   * CVE-2012-0060
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0060
   >
   * CVE-2012-0061
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0061
   >



Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      popt-1.7-271.46.16
      popt-devel-1.7-271.46.16
      rpm-4.4.2-43.46.16
      rpm-devel-4.4.2-43.46.16
      rpm-python-4.4.2-43.46.16

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      popt-1.7-271.46.16
      popt-devel-1.7-271.46.16
      rpm-4.4.2-43.46.16
      rpm-devel-4.4.2-43.46.16
      rpm-python-4.4.2-43.46.16

   - SLE SDK 10 SP4 (i586):

      rpm-devel-4.4.2-43.46.16


References:

   http://support.novell.com/security/cve/CVE-2012-0060.html
   http://support.novell.com/security/cve/CVE-2012-0061.html
   http://support.novell.com/security/cve/CVE-2012-0815.html
   https://bugzilla.novell.com/747225
   https://bugzilla.novell.com/754281
   https://bugzilla.novell.com/754284
   https://bugzilla.novell.com/754285
   http://download.novell.com/patch/finder/?keywords=3437ad480e640b7bf5a09b96d1218988

More information about the sle-security-updates mailing list