GnoRPM Arbitrary File Overwrite Vulnerability

Solution:
A new release of GnoRPM (0.95.1) is available now. Versions of GnoRPM prior to 0.95 are believed to be vulnerable.

ftp.linux.org.uk:/pub/linux/alan/GNORPM/gnorpm-0.95.1.tar.gz
ftp.gnome.org:/pub/GNOME/stable/sources/gnorpm/gnorpm-0.95.1.tar.gz (soon)

MD5Sum: 80521433f88fa09899e9105a24c69ef9 gnorpm-0.95.1.tar.gz

MandrakeSoft has released software upgrades to patch this vulnerability.

S.u.S.E. Linux:

i386 Intel Platform:

SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/gnm3/gnorpm-0.95-3.i386.rpm
6aa5ea031f48d903bf3fb4e2328fc4c7
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/gnorpm-0.95-3.src.rpm
a6df0b51a50b0f82a1d0e77d46587d82

SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/gnm3/gnorpm-0.95-3.i386.rpm
2f47a772c634c35d989078287668e67d
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/gnorpm-0.95-3.src.rpm
04a7c41f0537ef513495efc49c105b1b

Sparc Platform:

SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/gnm3/gnorpm-0.9-159.sparc.rpm
467a2839f7df52c31eb42b97ebb8dd0d
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/gnorpm-0.9-159.src.rpm
eb09af61e93eab32a55c6538d0b45bc4

AXP Alpha Platform:

SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/gnm3/gnorpm-0.95-4.alpha.rpm
b99a121e1469f958413b26eef1fd7ce9
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/gnorpm-0.95-4.src.rpm
a65ba20f86d5d0693ecc3e77520ff584

PPC Power PC Platform:

SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/gnm3/gnorpm-0.95-3.ppc.rpm
9ad07eb2c2c437ed427d8ec5cb2b8439
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/gnorpm-0.95-3.src.rpm
ffdb55e153b7e07cad91830eafb088b9


GNOME GnoRPM 0.94


 

Privacy Statement
Copyright 2010, SecurityFocus