RPM 4.9.1.2 Release Notes

  1. Download information
  2. Summary of changes from RPM 4.9.1.1
    1. Security
    2. General bugfixes and enhancements

Download information

Summary of changes from RPM 4.9.1.1

This is mainly a security update for CVE:2011-3378, with just one additional fix for a severe signal handling regression in RPM 4.9.1 and 4.9.1.1.

Security

  • Do more thorough sanity checking on header (region) offsets when loading headers to avoid crashes (memory corruption, buffer overflows) on malformed packages (CVE:2011-3378, originally reported as RhBug:741606)
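
The kind of offset check the item above describes, as an added illustration that is not RPM's code or the actual patch. It assumes a simplified header blob (big-endian il and dl counts, il 16-byte index entries, then dl bytes of data); the function name, limits, error codes and sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ENTRY_SIZE 16u         /* tag, type, offset, count: 4 bytes each */
#define MAX_TAGS   0xffffu     /* assumed limits for this example */
#define MAX_DATA   0x0fffffffu
#define TYPE_BIN   7u
#define IS_REGION(t) ((t) >= 61u && (t) <= 63u)

/* Constructed sample: il=2, dl=20, one region entry plus one string entry. */
static const uint8_t sample[60] = {
    0,0,0,2,  0,0,0,20,
    0,0,0,63,   0,0,0,7, 0,0,0,4, 0,0,0,16,   /* region entry, trailer at 4 */
    0,0,3,0xe8, 0,0,0,6, 0,0,0,0, 0,0,0,1,    /* tag 1000, string, offset 0 */
    'f','o','o',0,
    0,0,0,63, 0,0,0,7, 0xff,0xff,0xff,0xe0, 0,0,0,16   /* trailer: -32 */
};

static uint32_t be32(const uint8_t *p) {     /* fields are big-endian */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 if all offsets stay inside the blob, else a negative code. */
int hdr_check(const uint8_t *blob, size_t len) {
    if (len < 8) return -1;
    uint32_t il = be32(blob), dl = be32(blob + 4);
    if (il == 0 || il > MAX_TAGS || dl > MAX_DATA) return -2;
    if (len != 8 + (size_t)il * ENTRY_SIZE + dl) return -3;
    const uint8_t *idx = blob + 8, *data = idx + (size_t)il * ENTRY_SIZE;
    for (uint32_t i = 0; i < il; i++)        /* entry offsets within data */
        if (be32(idx + i * ENTRY_SIZE + 8) > dl) return -4;
    uint32_t tag = be32(idx);
    if (IS_REGION(tag)) {
        /* The region entry points at a 16-byte trailer in the data store;
         * the trailer's offset field is minus the region's index size. */
        uint32_t type = be32(idx + 4), off = be32(idx + 8), cnt = be32(idx + 12);
        if (type != TYPE_BIN || cnt != ENTRY_SIZE) return -5;
        if (dl - off < ENTRY_SIZE) return -6;            /* trailer in bounds */
        const uint8_t *tr = data + off;
        int64_t rdl = -(int64_t)(int32_t)be32(tr + 8);
        if (be32(tr) != tag || rdl <= 0 || rdl % ENTRY_SIZE != 0) return -7;
        if ((uint64_t)rdl / ENTRY_SIZE > il) return -8;  /* region fits index */
    }
    return 0;
}

int main(void) { printf("sample: %d\n", hdr_check(sample, sizeof sample)); return 0; }
```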

General bugfixes and enhancements

  • Fix a regression in RPM 4.9.1 and 4.9.1.1 rpmdb-related signal handling which can cause rpmdb not to be shut down cleanly on e.g. ctrl-c (RhBug:739492)