|
|
Subscribe / Log in / New account

openSUSE alert openSUSE-SU-2014:1716-1 (python3-rpm,)



From:
    	      opensuse-security@opensuse.org 


To:
    	      opensuse-updates@opensuse.org 


Subject:
    	      openSUSE-SU-2014:1716-1: moderate: Security update for python3-rpm, rpm, rpm-python 


Date:
    	      Sat, 27 Dec 2014 22:04:50 +0100 (CET)


Message-ID:
    	      <20141227210450.16E423235C@maintenance.suse.de>


   openSUSE Security Update: Security update for python3-rpm, rpm, rpm-python
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:1716-1
Rating:             moderate
References:         #892431 #906803 #908128 
Cross-References:   CVE-2013-6435 CVE-2014-8118
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
                    openSUSE 12.3
______________________________________________________________________________

   An update that solves two vulnerabilities and has one
   errata is now available.

Description:

   This rpm update fixes the following security and non security issues:

   - honor --noglob in install mode [bnc#892431]
   - check for bad invalid name sizes [bnc#908128] [CVE-2014-8118]
   - create files with mode 0 [bnc#906803] [CVE-2013-6435]

   This update also includes version updates of rpm-python and python3-rpm.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2014-816

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2014-816

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2014-816

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.2 (i586 x86_64):

      python3-rpm-4.11.3-4.2
      python3-rpm-debuginfo-4.11.3-4.2
      python3-rpm-debugsource-4.11.3-4.2
      rpm-4.11.3-4.1
      rpm-build-4.11.3-4.1
      rpm-build-debuginfo-4.11.3-4.1
      rpm-debuginfo-4.11.3-4.1
      rpm-debugsource-4.11.3-4.1
      rpm-devel-4.11.3-4.1
      rpm-python-4.11.3-4.2
      rpm-python-debuginfo-4.11.3-4.2
      rpm-python-debugsource-4.11.3-4.2

   - openSUSE 13.2 (x86_64):

      rpm-32bit-4.11.3-4.1
      rpm-debuginfo-32bit-4.11.3-4.1

   - openSUSE 13.1 (i586 x86_64):

      python3-rpm-4.11.1-6.9.1
      python3-rpm-debuginfo-4.11.1-6.9.1
      python3-rpm-debugsource-4.11.1-6.9.1
      rpm-4.11.1-6.9.1
      rpm-build-4.11.1-6.9.1
      rpm-build-debuginfo-4.11.1-6.9.1
      rpm-debuginfo-4.11.1-6.9.1
      rpm-debugsource-4.11.1-6.9.1
      rpm-devel-4.11.1-6.9.1
      rpm-python-4.11.1-6.9.1
      rpm-python-debuginfo-4.11.1-6.9.1
      rpm-python-debugsource-4.11.1-6.9.1

   - openSUSE 13.1 (x86_64):

      rpm-32bit-4.11.1-6.9.1
      rpm-debuginfo-32bit-4.11.1-6.9.1

   - openSUSE 12.3 (i586 x86_64):

      python3-rpm-4.10.2-2.4.1
      python3-rpm-debuginfo-4.10.2-2.4.1
      python3-rpm-debugsource-4.10.2-2.4.1
      rpm-4.10.2-2.4.1
      rpm-build-4.10.2-2.4.1
      rpm-build-debuginfo-4.10.2-2.4.1
      rpm-debuginfo-4.10.2-2.4.1
      rpm-debugsource-4.10.2-2.4.1
      rpm-devel-4.10.2-2.4.1
      rpm-python-4.10.2-2.4.1
      rpm-python-debuginfo-4.10.2-2.4.1
      rpm-python-debugsource-4.10.2-2.4.1

   - openSUSE 12.3 (x86_64):

      rpm-32bit-4.10.2-2.4.1
      rpm-debuginfo-32bit-4.10.2-2.4.1


References:

   http://support.novell.com/security/cve/CVE-2013-6435.html
   http://support.novell.com/security/cve/CVE-2014-8118.html
   https://bugzilla.suse.com/show_bug.cgi?id=892431
   https://bugzilla.suse.com/show_bug.cgi?id=906803
   https://bugzilla.suse.com/show_bug.cgi?id=908128
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds