(RHSA-2011:1349) Important: rpm security update

2011-10-0300:00:00

access.redhat.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.057 Low

EPSS

Percentile

92.5%

JSON

The RPM Package Manager (RPM) is a command line driven package management
system capable of installing, uninstalling, verifying, querying, and
updating software packages.

Multiple flaws were found in the way the RPM library parsed package
headers. An attacker could create a specially-crafted RPM package that,
when queried or installed, would cause rpm to crash or, potentially,
execute arbitrary code. (CVE-2011-3378)

Note: Although an RPM package can, by design, execute arbitrary code when
installed, this issue would allow a specially-crafted RPM package to
execute arbitrary code before its digital signature has been verified.
Package downloads from the Red Hat Network remain secure due to certificate
checks performed on the secure connection.

All RPM users should upgrade to these updated packages, which contain a
backported patch to correct these issues. All running applications linked
against the RPM library must be restarted for this update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat5x86_64rpm-python< 4.4.2.3-22.el5_6.2rpm-python-4.4.2.3-22.el5_6.2.x86_64.rpm
RedHat5x86_64rpm< 4.4.2.3-22.el5_6.2rpm-4.4.2.3-22.el5_6.2.x86_64.rpm
RedHat6ppcrpm-debuginfo< 4.8.0-16.el6_1.1rpm-debuginfo-4.8.0-16.el6_1.1.ppc.rpm
RedHat5x86_64rpm-devel< 4.4.2.3-22.el5_7.2rpm-devel-4.4.2.3-22.el5_7.2.x86_64.rpm
RedHat5srcrpm< 4.4.2.3-22.el5_7.2rpm-4.4.2.3-22.el5_7.2.src.rpm
RedHat4ppcrpm-python< 4.3.3-35_nonptl.el4rpm-python-4.3.3-35_nonptl.el4.ppc.rpm
RedHat5i386rpm-python< 4.4.2.3-22.el5_6.2rpm-python-4.4.2.3-22.el5_6.2.i386.rpm
RedHat5x86_64rpm-devel< 4.4.2.3-22.el5_6.2rpm-devel-4.4.2.3-22.el5_6.2.x86_64.rpm
RedHat5srcrpm< 4.4.2.3-22.el5_6.2rpm-4.4.2.3-22.el5_6.2.src.rpm
RedHat5ppcrpm-build< 4.4.2.3-22.el5_7.2rpm-build-4.4.2.3-22.el5_7.2.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	x86_64	rpm-python	< 4.4.2.3-22.el5_6.2	rpm-python-4.4.2.3-22.el5_6.2.x86_64.rpm
RedHat	5	x86_64	rpm	< 4.4.2.3-22.el5_6.2	rpm-4.4.2.3-22.el5_6.2.x86_64.rpm
RedHat	6	ppc	rpm-debuginfo	< 4.8.0-16.el6_1.1	rpm-debuginfo-4.8.0-16.el6_1.1.ppc.rpm
RedHat	5	x86_64	rpm-devel	< 4.4.2.3-22.el5_7.2	rpm-devel-4.4.2.3-22.el5_7.2.x86_64.rpm
RedHat	5	src	rpm	< 4.4.2.3-22.el5_7.2	rpm-4.4.2.3-22.el5_7.2.src.rpm
RedHat	4	ppc	rpm-python	< 4.3.3-35_nonptl.el4	rpm-python-4.3.3-35_nonptl.el4.ppc.rpm
RedHat	5	i386	rpm-python	< 4.4.2.3-22.el5_6.2	rpm-python-4.4.2.3-22.el5_6.2.i386.rpm
RedHat	5	x86_64	rpm-devel	< 4.4.2.3-22.el5_6.2	rpm-devel-4.4.2.3-22.el5_6.2.x86_64.rpm
RedHat	5	src	rpm	< 4.4.2.3-22.el5_6.2	rpm-4.4.2.3-22.el5_6.2.src.rpm
RedHat	5	ppc	rpm-build	< 4.4.2.3-22.el5_7.2	rpm-build-4.4.2.3-22.el5_7.2.ppc.rpm