RPM Vulnerability Fixed in Ubuntu 12.10 (Quantal Quetzal)

On January 17, Canonical published in a security notice details about an RPM vulnerability for its Ubuntu 12.10 (Quantal Quetzal) operating system.

According to Canonical, RPM could incorrectly validate package signatures.

It was discovered that RPM incorrectly handled signature checking. An attacker could create a specially-crafted RPM with an invalid signature which could pass the signature validation check.

The security flaws can be fixed if you upgrade your system(s) to the latest RPM package (4.10.0-4ubuntu0.1), for Ubuntu 12.10 (Quantal Quetzal) the operating system. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart won't be necessary to implement the changes, but users have to restart the virtual machine.

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.