USN-378-1: RPM vulnerability
Posted on: 11/04/2006 05:20 AM

A new RPM vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-378-1 November 04, 2006
rpm vulnerability
CVE-2006-5466
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
librpm4 4.4.1-5ubuntu2.1

Ubuntu 6.10:
librpm4 4.4.1-9.1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

An error was found in the RPM library's handling of query reports. In=20
some locales, certain RPM packages would cause the library to crash. If=20
a user was tricked into querying a specially crafted RPM package, the=20
flaw could be exploited to execute arbitrary code with the user's=20
privileges.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.4.1-5ubuntu2.1.=
diff.gz
Size/MD5: 274437 77abf35a4c17b8ac8742700eb857e114
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.4.1-5ubuntu2.1.=
dsc
Size/MD5: 924 d4e94116e759ba86b6bf73ac32d8fcfd
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.4.1.orig.tar.gz
Size/MD5: 11497447 90ded9047b1b69d918c6c7c7b56fd7a9

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.4.1-5ubu=
ntu2.1_amd64.deb
Size/MD5: 1384092 0ce64761ca1fc50b3b859cb2672f8889
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.4.1-5ubuntu=
2.1_amd64.deb
Size/MD5: 1023236 f60a4b3c8616b84e12b8f4a44a394277
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.4.1-5ub=
untu2.1_amd64.deb
Size/MD5: 2635094 894af1cced29645e0386852c04735f63
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/python2.4-rpm_4.4=
=2E1-5ubuntu2.1_amd64.deb
Size/MD5: 548476 258dd9aaa0df9187d21da57874c7b240
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.4.1-5ubuntu2.1_=
amd64.deb
Size/MD5: 615958 3fb5b37fed9723346842f30e396fd709

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.4.1-5ubu=
ntu2.1_i386.deb
Size/MD5: 1261978 7598d7e093324228cdaee3f5e747a920
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.4.1-5ubuntu=
2.1_i386.deb
Size/MD5: 933166 ceb5acbc6c28f730665bd7b1695ab3da
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.4.1-5ub=
untu2.1_i386.deb
Size/MD5: 2280872 5d7aaed850c18779385f93939e40d862
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/python2.4-rpm_4.4=
=2E1-5ubuntu2.1_i386.deb
Size/MD5: 473910 321ac67b58315d42f90c1370717c5e52
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.4.1-5ubuntu2.1_=
i386.deb
Size/MD5: 598080 457d374399fb2c7cd88adee523f0e7c8

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.4.1-5ubu=
ntu2.1_powerpc.deb
Size/MD5: 1311550 05d97ccbd989e72cc70f916529b10dbb
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.4.1-5ubuntu=
2.1_powerpc.deb
Size/MD5: 999330 13272c1c6eae0299a04bcf44fee0e4d3
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.4.1-5ub=
untu2.1_powerpc.deb
Size/MD5: 2690476 3cf910dd613f35dd43ea58a1d37923a3
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/python2.4-rpm_4.4=
=2E1-5ubuntu2.1_powerpc.deb
Size/MD5: 579040 96277e2026fba155782f6421726467cc
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.4.1-5ubuntu2.1_=
powerpc.deb
Size/MD5: 624534 0d4f47296b07081cdc2de7673d96391e

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.4.1-5ubu=
ntu2.1_sparc.deb
Size/MD5: 1303352 1b38f39032ea0062b9734640eb9ee973
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.4.1-5ubuntu=
2.1_sparc.deb
Size/MD5: 956194 b91a160d3d9a595c55a67060d2e81842
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.4.1-5ub=
untu2.1_sparc.deb
Size/MD5: 2517620 868655bab40c32a7f70e3576f9096b3d
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/python2.4-rpm_4.4=
=2E1-5ubuntu2.1_sparc.deb
Size/MD5: 517742 0484154d20086493a7bf20af7023d8ee
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.4.1-5ubuntu2.1_=
sparc.deb
Size/MD5: 601254 4fddde165735e43ed8ff2804fb71aec0

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.4.1-9.1ubuntu0.=
1.diff.gz
Size/MD5: 242934 02f368554b37b62c0374caae5dda121d
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.4.1-9.1ubuntu0.=
1.dsc
Size/MD5: 1012 23eb25fabf0a57cb9b36314d4b30500b
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.4.1.orig.tar.gz
Size/MD5: 11497447 90ded9047b1b69d918c6c7c7b56fd7a9

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.4.1-9.1u=
buntu0.1_amd64.deb
Size/MD5: 1382146 7175f800c20a9f075c5898b6c3deae25
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.4.1-9.1ubun=
tu0.1_amd64.deb
Size/MD5: 1019772 9000c57678db6219b52fa321e953d98c
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.4.1-9.1=
ubuntu0.1_amd64.deb
Size/MD5: 2652810 a2f8add8ba2e3bbd114d1d4ffa5097ca
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/python-rpm_4.4.1-=
9.1ubuntu0.1_amd64.deb
Size/MD5: 621204 bc6a2dd2638b988af3b7b427bf7202f4
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.4.1-9.1ubuntu0.=
1_amd64.deb
Size/MD5: 614232 aa80f556ac460cff24496671a8e228c6

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.4.1-9.1u=
buntu0.1_i386.deb
Size/MD5: 1304188 aa4728b03210130660c8e1e0b6e3f9b7
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.4.1-9.1ubun=
tu0.1_i386.deb
Size/MD5: 972672 27231318ad285d94df3b53bdd7bd3304
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.4.1-9.1=
ubuntu0.1_i386.deb
Size/MD5: 2396326 eaf7611282e5a71c528f4ae73e13eecd
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/python-rpm_4.4.1-=
9.1ubuntu0.1_i386.deb
Size/MD5: 562296 7da71f2d1f6e395cc31c8a0cf62b8d7b
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.4.1-9.1ubuntu0.=
1_i386.deb
Size/MD5: 600474 c4d90eb73da915b8a9794d3b306c3a82

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.4.1-9.1u=
buntu0.1_powerpc.deb
Size/MD5: 1317886 9d1001cdef76576eded57c664596dd69
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.4.1-9.1ubun=
tu0.1_powerpc.deb
Size/MD5: 1006046 78ffab0bb25257065732eaea760bfb6c
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.4.1-9.1=
ubuntu0.1_powerpc.deb
Size/MD5: 2689222 678c23972680321fb2226c1c57015a26
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/python-rpm_4.4.1-=
9.1ubuntu0.1_powerpc.deb
Size/MD5: 655628 f5b6f0286b05c3860c36f524d14bc16d
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.4.1-9.1ubuntu0.=
1_powerpc.deb
Size/MD5: 624374 900601d9f85479a0a1729bc0fbec97c5

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm-dev_4.4.1-9.1u=
buntu0.1_sparc.deb
Size/MD5: 1315202 666faaca96fda5b4eeb4500d06ca2f8b
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/librpm4_4.4.1-9.1ubun=
tu0.1_sparc.deb
Size/MD5: 964398 3ddc1cbc601b08a4504edbdbda46720c
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/lsb-rpm_4.4.1-9.1=
ubuntu0.1_sparc.deb
Size/MD5: 2511934 44a14ac694c0694bd5edd4f541c38181
http://security.ubuntu.com/ubuntu/pool/universe/r/rpm/python-rpm_4.4.1-=
9.1ubuntu0.1_sparc.deb
Size/MD5: 599148 99a398097159e7521fa170ebd7a60f78
http://security.ubuntu.com/ubuntu/pool/main/r/rpm/rpm_4.4.1-9.1ubuntu0.=
1_sparc.deb
Size/MD5: 600120 2304b7fd16c94ba7d72f23b3b06d54e9

--o+ZCuNqY+dEAKBWl
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFTAUjH/9LqRcGPm0RAhb3AJ95iVD3reInrri8dO4eT03aA7tjNACfTsTT
jivC6Mq4Z+XCnvO0fuDUlwQ=
=XpKw
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_378_1_rpm_vulnerability.html)