4.153. rpm

Updated rpm packages that fix several bugs are now available for Red Hat Enterprise Linux 5.
The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Bug Fixes

BZ#620570
RPM treated systems which were using Geode processors as compatible with the i686 architecture. Consequently, installation of i686 packages failed on this systems. This compatibility issue has been resolved by setting the architecture to i686, and installation of the i686 architecture packages works as expected.
BZ#760552
Previously, the Japanese version of the rpm(8) manual page contained multiple typos. This update corrects those typos.
BZ#783451
The Python bindings provided by the rpm-python package incorrectly added a new line character at the end of the group tag when retrieving it from a Python program. This bug has been fixed and the tag is now returned unaltered.
BZ#808547
Due to the lack of DWARF 3 and 4 format support, the rpmbuild utility was not able to produce usable debug packages with newer compilers. This update adds the required support for the debugedit utility to RPM, and DWARF 3 and 4 formats are now supported as expected.
BZ#813282
The "freshen" (rpm -F/--freshen) operation did not consider the architecture the packages were built for when selecting update candidates, which caused either misleading error messages or packages being updated to a different architecture inappropriately on multilib systems. RPM now requires an exact architecture match between packages on multilib systems to perform the freshen operation.
BZ#814602
Descriptions of the "--define" and "--eval" parameters were missing in the rpm(8) manual page. This update adds these missing descriptions.
All users of RPM are advised to upgrade to these updated packages, which fix these bugs.
Updated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Security Fix

CVE-2012-0060, CVE-2012-0061, CVE-2012-0815
Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code.
Note: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially-crafted RPM package to execute arbitrary code before its digital signature has been verified. Package downloads from the Red Hat Network are protected by the use of a secure HTTPS connection in addition to the RPM package signature checks.
All RPM users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.