pacman

mirror of https://github.com/moparisthebest/pacman synced 2024-08-13 17:03:46 -04:00

History

Levente Polyak deac973188 ensure matching database and package version While loading each package ensure that the internal version matches the expected database version to avoid the possibility to circumvent the version check. This issue can be used by an attacker to trick the software into installing an older version. The behavior can be exploited by a man-in-the-middle attack through specially crafted database tarball containing a higher version, yet actually delivering an older and vulnerable version, which was previously shipped. Signed-off-by: Levente Polyak <anthraxx@archlinux.org> Signed-off-by: Remi Gacogne <rgacogne@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>	2015-07-20 12:50:39 +10:00
..
libalpm	ensure matching database and package version	2015-07-20 12:50:39 +10:00

Levente Polyak deac973188 ensure matching database and package version

While loading each package ensure that the internal version matches the
expected database version to avoid the possibility to circumvent the
version check.
This issue can be used by an attacker to trick the software into
installing an older version. The behavior can be  exploited by a
man-in-the-middle attack through specially crafted  database tarball
containing a higher version, yet actually delivering an  older and
vulnerable version, which was previously shipped.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>

2015-07-20 12:50:39 +10:00

libalpm

ensure matching database and package version

2015-07-20 12:50:39 +10:00