openSUSE Security Update: Security update for python3-rpm, rpm, rpm-python ______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1716-1 Rating: moderate References: #892431 #906803 #908128 Cross-References: CVE-2013-6435 CVE-2014-8118 Affected Products: openSUSE 13.2 openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________
An update that solves two vulnerabilities and has one errata is now available.
Description:
This rpm update fixes the following security and non security issues:
- honor --noglob in install mode [bnc#892431] - check for bad invalid name sizes [bnc#908128] [CVE-2014-8118] - create files with mode 0 [bnc#906803] [CVE-2013-6435]
This update also includes version updates of rpm-python and python3-rpm.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2014-816
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-816
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-816
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (i586 x86_64):
python3-rpm-4.11.3-4.2 python3-rpm-debuginfo-4.11.3-4.2 python3-rpm-debugsource-4.11.3-4.2 rpm-4.11.3-4.1 rpm-build-4.11.3-4.1 rpm-build-debuginfo-4.11.3-4.1 rpm-debuginfo-4.11.3-4.1 rpm-debugsource-4.11.3-4.1 rpm-devel-4.11.3-4.1 rpm-python-4.11.3-4.2 rpm-python-debuginfo-4.11.3-4.2 rpm-python-debugsource-4.11.3-4.2
- openSUSE 13.2 (x86_64):
rpm-32bit-4.11.3-4.1 rpm-debuginfo-32bit-4.11.3-4.1
- openSUSE 13.1 (i586 x86_64):
python3-rpm-4.11.1-6.9.1 python3-rpm-debuginfo-4.11.1-6.9.1 python3-rpm-debugsource-4.11.1-6.9.1 rpm-4.11.1-6.9.1 rpm-build-4.11.1-6.9.1 rpm-build-debuginfo-4.11.1-6.9.1 rpm-debuginfo-4.11.1-6.9.1 rpm-debugsource-4.11.1-6.9.1 rpm-devel-4.11.1-6.9.1 rpm-python-4.11.1-6.9.1 rpm-python-debuginfo-4.11.1-6.9.1 rpm-python-debugsource-4.11.1-6.9.1
- openSUSE 13.1 (x86_64):
rpm-32bit-4.11.1-6.9.1 rpm-debuginfo-32bit-4.11.1-6.9.1
- openSUSE 12.3 (i586 x86_64):
python3-rpm-4.10.2-2.4.1 python3-rpm-debuginfo-4.10.2-2.4.1 python3-rpm-debugsource-4.10.2-2.4.1 rpm-4.10.2-2.4.1 rpm-build-4.10.2-2.4.1 rpm-build-debuginfo-4.10.2-2.4.1 rpm-debuginfo-4.10.2-2.4.1 rpm-debugsource-4.10.2-2.4.1 rpm-devel-4.10.2-2.4.1 rpm-python-4.10.2-2.4.1 rpm-python-debuginfo-4.10.2-2.4.1 rpm-python-debugsource-4.10.2-2.4.1
- openSUSE 12.3 (x86_64):
rpm-32bit-4.10.2-2.4.1 rpm-debuginfo-32bit-4.10.2-2.4.1
References:
http://support.novell.com/security/cve/CVE-2013-6435.html http://support.novell.com/security/cve/CVE-2014-8118.html https://bugzilla.suse.com/show_bug.cgi?id=892431 https://bugzilla.suse.com/show_bug.cgi?id=906803 https://bugzilla.suse.com/show_bug.cgi?id=908128