RPM 4.9.1.3 Release Notes

Download information

• rpm-4.9.1.3.tar.bz2 source
• SHA1SUM: d1157a05a2368de07e06638daee01d3749107c8b

Summary of changes from RPM 4.9.1.2

This is a security-only update for CVE:2012-0060, CVE:2012-0061 and CVE:2012-0815.

Security

• Properly sanity check region tags on header/package read (CVE:2012-0060)
• Sanity check header regions fit within the header (CVE:2012-0061)
• Sanity check negated region offsets too in headerVerifyInfo() (CVE:2012-0815)