[Rpm-maint] rpm security exposure http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059

devzero2000 pinto.elia at gmail.com
Wed Nov 3 17:19:28 UTC 2010

The CVE is CONFIRMED with AIX 5.3 latest fixpack applied. I am pretty sure
it is also the same issue on AIX 6.x. I have do some trivial update to the
original bugzilla SPEC for testing  this. Reading the rpm 3.0.5 code confirm
the issue also. But the original patch to @rpm.org is not applicable as is.


On Wed, Nov 3, 2010 at 12:32 PM, devzero2000 <pinto.elia at gmail.com> wrote:

> On Wed, Nov 3, 2010 at 5:33 AM, swamy sangamesh <swamy.sangamesh at gmail.com
> > wrote:
>>  Hi Pinto,
>>  We are using it for IBM AIX Toolbox for linux applications with AIX
>> version 5.3 and above.
>>  currently we are using rpm-3.0.5 source to build the binaries.
> I imagined already But the rpm.rte fileset is a proprietary supported
> package lslpp from IBM (rpm.rte).
> I have see on the ibm fixcentral that the latest *Technology Level
> 5300-12-00-1015 doesn.'t contain or reference a security problem on rpm
> (http://www-933.ibm.com/support/fixcentral/aix/fixpackdetails?fixid=5300-12-00-1015).
> Have you opened an APAR ? I am sure that IBM*
> know to who ask for a fix, if necessary. Now there is no such fix
> http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=1&prefsOnOff=null&topic=SECURITY&month=ALL&heading=AIX53
> Regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20101103/ec6d2745/attachment.html>

More information about the Rpm-maint mailing list