RPM 4.12.0.2 Release Notes
Summary of changes from RPM 4.12.0.1
Security fixes
- Fix crash in file list compression on read of malformed package (RhBug:1273360)
- Fix out-of-bounds read on query of malformed package (RhBug:1316896)
- Fix two NULL pointer dereferences on query of malformed package (RhBug:1316903)
- Fix overflow in cpio filename buffer (RhBug:1168715, CVE:2014-8118)
- Fix leaking unchecked data to other programs (CVE:2013-6435)
- Fix out-of-bounds read on signature checking of malformed package (RhBug:1373107)
General bugfixes
Package building
- Fix RPMTAG_ARCHIVESIZE / RPMTAG_LONGARCHIVESIZE generation on big-endian systems (regression introduced in 4.12.0)
Build process
- Adjust test-suite to work with fakechroot 2.18