RPM 220.127.116.11 Release Notes
- rpm-18.104.22.168.tar.bz2 source
- SHA1SUM: 5ec557424d90461f76d4ad30bfb6653b79920d58
Summary of changes from RPM 22.214.171.124
This is a mainly a security update for CVE:2011-3378, with just one additional fix for a severe signal handling regression in RPM 4.9.1 and 126.96.36.199.
- Do more thorough sanity checking on header (region) offsets when loading headers to avoid crashes (memory corruption, buffer overflows) on malformed packages (CVE:2011-3378, originally reported as RhBug:741606)
General bugfixes and enhancements
- Fix a regression in RPM 4.9.1 and 188.8.131.52 rpmdb-related signal handling which can cause rpmdb not to be shut down cleanly on eg ctrl-c (RhBug:739492)