RPM 4.12.0.2 Release Notes

Download information

Summary of changes from RPM 4.12.0.1

Security fixes

  • Fix crash in file list compression on read of malformed package (RhBug:1273360)
  • Fix out-of-bounds read on query of malformed package (RhBug:1316896)
  • Fix two NULL pointer dereferences on query of malformed package (RhBug:1316903)
  • Fix overflow in cpio filename buffer (RhBug:1168715, CVE:2014-8118)
  • Fix leaking unchecked data to other programs (CVE:2013-6435)
  • Fix out-of-bounds read on signature checking of malformed package (RhBug:1373107)

General bugfixes

Package building

  • Fix RPMTAG_ARCHIVESIZE / RPMTAG_LONGARCHIVESIZE generation on big-endian systems (regression introduced in 4.12.0)

Build process

  • Adjust test-suite to work with fakechroot 2.18