openSUSE Security Update: Security update for python3-rpm, rpm, rpm-python ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:1716-1 Rating: moderate References: #892431 #906803 #908128 Cross-References: CVE-2013-6435 CVE-2014-8118 Affected Products: openSUSE 13.2 openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This rpm update fixes the following security and non security issues: - honor --noglob in install mode [bnc#892431] - check for bad invalid name sizes [bnc#908128] [CVE-2014-8118] - create files with mode 0 [bnc#906803] [CVE-2013-6435] This update also includes version updates of rpm-python and python3-rpm. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2014-816 - openSUSE 13.1: zypper in -t patch openSUSE-2014-816 - openSUSE 12.3: zypper in -t patch openSUSE-2014-816 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): python3-rpm-4.11.3-4.2 python3-rpm-debuginfo-4.11.3-4.2 python3-rpm-debugsource-4.11.3-4.2 rpm-4.11.3-4.1 rpm-build-4.11.3-4.1 rpm-build-debuginfo-4.11.3-4.1 rpm-debuginfo-4.11.3-4.1 rpm-debugsource-4.11.3-4.1 rpm-devel-4.11.3-4.1 rpm-python-4.11.3-4.2 rpm-python-debuginfo-4.11.3-4.2 rpm-python-debugsource-4.11.3-4.2 - openSUSE 13.2 (x86_64): rpm-32bit-4.11.3-4.1 rpm-debuginfo-32bit-4.11.3-4.1 - openSUSE 13.1 (i586 x86_64): python3-rpm-4.11.1-6.9.1 python3-rpm-debuginfo-4.11.1-6.9.1 python3-rpm-debugsource-4.11.1-6.9.1 rpm-4.11.1-6.9.1 rpm-build-4.11.1-6.9.1 rpm-build-debuginfo-4.11.1-6.9.1 rpm-debuginfo-4.11.1-6.9.1 rpm-debugsource-4.11.1-6.9.1 rpm-devel-4.11.1-6.9.1 rpm-python-4.11.1-6.9.1 rpm-python-debuginfo-4.11.1-6.9.1 rpm-python-debugsource-4.11.1-6.9.1 - openSUSE 13.1 (x86_64): rpm-32bit-4.11.1-6.9.1 rpm-debuginfo-32bit-4.11.1-6.9.1 - openSUSE 12.3 (i586 x86_64): python3-rpm-4.10.2-2.4.1 python3-rpm-debuginfo-4.10.2-2.4.1 python3-rpm-debugsource-4.10.2-2.4.1 rpm-4.10.2-2.4.1 rpm-build-4.10.2-2.4.1 rpm-build-debuginfo-4.10.2-2.4.1 rpm-debuginfo-4.10.2-2.4.1 rpm-debugsource-4.10.2-2.4.1 rpm-devel-4.10.2-2.4.1 rpm-python-4.10.2-2.4.1 rpm-python-debuginfo-4.10.2-2.4.1 rpm-python-debugsource-4.10.2-2.4.1 - openSUSE 12.3 (x86_64): rpm-32bit-4.10.2-2.4.1 rpm-debuginfo-32bit-4.10.2-2.4.1 References: http://support.novell.com/security/cve/CVE-2013-6435.html http://support.novell.com/security/cve/CVE-2014-8118.html https://bugzilla.suse.com/show_bug.cgi?id=892431 https://bugzilla.suse.com/show_bug.cgi?id=906803 https://bugzilla.suse.com/show_bug.cgi?id=908128