Rapid7 Vulnerability & Exploit Database

RHSA-2001:016: rpm-4.0.2 for all Red Hat platforms and releases.


Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 02/19/2001
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

A common version of rpm for all Red Hat distributions is being released. This version of rpm understands the legacy version 3 packaging used in Red Hat 6.x/5.x distributions as well as the version 4 packaging used in Red Hat 7.x. In addition, rpm-4.0.2 supports both the legacy db1 database format used in Red Hat 6.x/5.x and the db3 database format used in Red Hat 7.x.

Several potential problems:

1) Red Hat 6.x/5.x users will need to install the db3 packages from RHEA-2001:015-09.

2) Red Hat 5.x users should note that the default compiler flags in rpm have changed, and are not compatible with the gcc originally shipped with Red Hat 5.2. Use egcs as a compiler instead.

3) Red Hat 6.x/5.x users should convert from db1 to db3 format databases at their earliest convenience. This can be done by running, as root, the command

    rpm --rebuilddb

Support for legacy db1 format rpm databases will be removed in the next release of rpm.

4) All platforms: If you choose to install rpm-4.0.2 and then go back to a previous version of rpm, you will experience segfaults due to an incompatible change in headers in the database. The problem is in legacy versions of rpm going back to rpm-3.0, and is both caused and fixed by rpm-4.0.2. This incompatibility also applies to any applications that are statically linked against rpm libraries; these should either be upgraded or recompiled to use the rpm-4.0.2 libraries. Applications that use shared libraries should not be affected by this problem.

5) All platforms: rpm-4.0.2 will fail to install if you have both db1 and db3 rpm databases in /var/lib/rpm. If the packages do not install, check the directory /var/lib/rpm for the files "packages.rpm" (the db1 format headers) and "Packages" (the db3 format headers), and rename or remove the older or smaller of the two files in order to upgrade.
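The check described in item 5, as an added shell example (not part of the Red Hat advisory or of this database entry): it reports which database files are present in an rpm database directory and, when both exist, names the file that is both older and smaller, or reports that the two criteria disagree so the choice is made by hand. The function names are hypothetical; the file names and the /var/lib/rpm default come from the advisory text.

```shell
#!/bin/sh
# Added example: read-only pre-upgrade check of an rpm database directory.
# Function names are hypothetical; nothing here renames or removes files.

# rpmdb_state [DIR] prints one of: none | db1 | db3 | both
rpmdb_state() {
    dir=${1:-/var/lib/rpm}
    db1="$dir/packages.rpm"   # db1 format headers (Red Hat 6.x/5.x)
    db3="$dir/Packages"       # db3 format headers (Red Hat 7.x)
    if [ -f "$db1" ] && [ -f "$db3" ]; then
        echo both             # the state in which rpm-4.0.2 fails to install
    elif [ -f "$db1" ]; then
        echo db1
    elif [ -f "$db3" ]; then
        echo db3
    else
        echo none
    fi
}

# rpmdb_stale_candidate [DIR] applies the "older or smaller" rule when both
# files exist. Prints the path that is BOTH older and smaller, or "ambiguous"
# when the two criteria point at different files (or tie). Returns 1 when
# the directory does not hold both files.
rpmdb_stale_candidate() {
    dir=${1:-/var/lib/rpm}
    [ "$(rpmdb_state "$dir")" = both ] || return 1
    db1="$dir/packages.rpm"
    db3="$dir/Packages"

    # Compare modification times.
    older=
    if [ "$db1" -ot "$db3" ]; then older=$db1
    elif [ "$db3" -ot "$db1" ]; then older=$db3
    fi

    # Compare sizes in bytes; $(( )) strips any padding wc adds.
    s1=$(($(wc -c < "$db1")))
    s3=$(($(wc -c < "$db3")))
    smaller=
    if [ "$s1" -lt "$s3" ]; then smaller=$db1
    elif [ "$s3" -lt "$s1" ]; then smaller=$db3
    fi

    if [ -n "$older" ] && [ "$older" = "$smaller" ]; then
        echo "$older"
    else
        echo ambiguous
    fi
}
```

An "ambiguous" result means the older file is not also the smaller one, so back up both files before renaming either.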

Solution(s)

  • redhat-upgrade-popt
  • redhat-upgrade-rpm
  • redhat-upgrade-rpm-build
  • redhat-upgrade-rpm-devel
  • redhat-upgrade-rpm-python
