[SECURITY] Fedora 24 Update: rpm-4.13.0-0.rc1.27.fc24

updates at fedoraproject.org updates at fedoraproject.org
Sat May 7 12:49:58 UTC 2016


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-af4989be51
2016-05-07 11:36:53.846946
--------------------------------------------------------------------------------

Name        : rpm
Product     : Fedora 24
Version     : 4.13.0
Release     : 0.rc1.27.fc24
URL         : http://www.rpm.org/
Summary     : The RPM package management system
Description :
The RPM Package Manager (RPM) is a powerful command line driven
package management system capable of installing, uninstalling,
verifying, querying, and updating software packages. Each software
package consists of an archive of files along with information about
the package like its version, a description, etc.

--------------------------------------------------------------------------------
Update Information:

* Fix sigsegv in stringFormat() (rhbz:1316903) * Fix reading rpmtd behind its
size in formatValue() (rhbz:1316896)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1316903 - rpm: Null pointer dereference in rstrdup
        https://bugzilla.redhat.com/show_bug.cgi?id=1316903
  [ 2 ] Bug #1316896 - rpm: Out-of-bounds heap read triggered by crafted RPM file
        https://bugzilla.redhat.com/show_bug.cgi?id=1316896
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update rpm' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list