RPM 4.9.1.2 Release Notes

Download information

Summary of changes from RPM 4.9.1.1

This is mainly a security update for CVE:2011-3378, with just one additional fix for a severe signal handling regression in RPM 4.9.1 and 4.9.1.1.

Security

  • Do more thorough sanity checking on header (region) offsets when loading headers to avoid crashes (memory corruption, buffer overflows) on malformed packages (CVE:2011-3378, originally reported as RhBug:741606)
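
The kind of offset checking described above, as an added example (not code from RPM or from the actual fix). It covers only entry bounds and the region trailer of a header blob; the size caps and the function name `check_header_blob` are assumptions of this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ENTRY_SZ 16u   /* one index entry: tag, type, offset, count (big-endian int32 each) */
#define TYPE_BIN 7u

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static int is_region(uint32_t tag) { return tag >= 61 && tag <= 63; } /* HEADER_IMAGE..HEADER_IMMUTABLE */

/* blob = il, dl, il index entries, dl data bytes. Returns 0 if consistent, <0 otherwise. */
int check_header_blob(const uint8_t *b, size_t len) {
    if (len < 8) return -1;
    uint32_t il = be32(b), dl = be32(b + 4);
    if (il == 0 || il > 0xffff || dl > 0x0fffffff) return -2;     /* caps assumed for this example */
    if (8 + (uint64_t)il * ENTRY_SZ + dl != len) return -3;       /* declared sizes must match blob */
    const uint8_t *idx = b + 8, *data = idx + (size_t)il * ENTRY_SZ;
    for (uint32_t i = 0; i < il; i++) {
        const uint8_t *e = idx + (size_t)i * ENTRY_SZ;
        uint32_t off = be32(e + 8);
        if (off >= dl) return -4;                /* out of range; also catches negative offsets */
        if (i != 0 || !is_region(be32(e))) continue;
        if (be32(e + 4) != TYPE_BIN || be32(e + 12) != ENTRY_SZ) return -5;
        if (dl - off < ENTRY_SZ) return -6;      /* region trailer must lie inside the data area */
        const uint8_t *t = data + off;
        int64_t rdl = -(int64_t)(int32_t)be32(t + 8);   /* trailer offset is -(16 * region entries) */
        if (!is_region(be32(t)) || be32(t + 4) != TYPE_BIN || be32(t + 12) != ENTRY_SZ) return -7;
        if (rdl <= 0 || rdl % ENTRY_SZ != 0 || rdl / ENTRY_SZ > il) return -8;
    }
    return 0;
}

int main(void) {
    /* Constructed sample: il=2, dl=20; region entry, one string entry, "foo", trailer. */
    uint8_t blob[60] = {0,0,0,2, 0,0,0,20,
        0,0,0,63, 0,0,0,7, 0,0,0,4, 0,0,0,16,   0,0,3,0xe8, 0,0,0,6, 0,0,0,0, 0,0,0,1,
        'f','o','o',0,   0,0,0,63, 0,0,0,7, 0xff,0xff,0xff,0xe0, 0,0,0,16};
    printf("well-formed: %d\n", check_header_blob(blob, sizeof blob));
    blob[19] = 8;   /* region offset now leaves only 12 bytes for a 16-byte trailer */
    printf("bad region offset: %d\n", check_header_blob(blob, sizeof blob));
    return 0;
}
```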

General bugfixes and enhancements

  • Fix a regression in RPM 4.9.1 and 4.9.1.1 rpmdb-related signal handling that can cause rpmdb not to be shut down cleanly on e.g. Ctrl-C (RhBug:739492)