9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.061 Low
EPSS
Percentile
93.6%
Issue Overview:
Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. (CVE-2011-3378)
Affected Packages:
rpm
Issue Correction:
Run yum update rpm to update your system.
New Packages:
i686:
rpm-devel-4.8.0-16.36.amzn1.i686
rpm-libs-4.8.0-16.36.amzn1.i686
rpm-apidocs-4.8.0-16.36.amzn1.i686
rpm-4.8.0-16.36.amzn1.i686
rpm-python-4.8.0-16.36.amzn1.i686
rpm-cron-4.8.0-16.36.amzn1.i686
rpm-build-4.8.0-16.36.amzn1.i686
rpm-debuginfo-4.8.0-16.36.amzn1.i686
src:
rpm-4.8.0-16.36.amzn1.src
x86_64:
rpm-devel-4.8.0-16.36.amzn1.x86_64
rpm-python-4.8.0-16.36.amzn1.x86_64
rpm-debuginfo-4.8.0-16.36.amzn1.x86_64
rpm-libs-4.8.0-16.36.amzn1.x86_64
rpm-apidocs-4.8.0-16.36.amzn1.x86_64
rpm-4.8.0-16.36.amzn1.x86_64
rpm-build-4.8.0-16.36.amzn1.x86_64
rpm-cron-4.8.0-16.36.amzn1.x86_64
Red Hat: CVE-2011-3378
Mitre: CVE-2011-3378
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | rpm-devel | < 4.8.0-16.36.amzn1 | rpm-devel-4.8.0-16.36.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | rpm-libs | < 4.8.0-16.36.amzn1 | rpm-libs-4.8.0-16.36.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | rpm-apidocs | < 4.8.0-16.36.amzn1 | rpm-apidocs-4.8.0-16.36.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | rpm | < 4.8.0-16.36.amzn1 | rpm-4.8.0-16.36.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | rpm-python | < 4.8.0-16.36.amzn1 | rpm-python-4.8.0-16.36.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | rpm-cron | < 4.8.0-16.36.amzn1 | rpm-cron-4.8.0-16.36.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | rpm-build | < 4.8.0-16.36.amzn1 | rpm-build-4.8.0-16.36.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | rpm-debuginfo | < 4.8.0-16.36.amzn1 | rpm-debuginfo-4.8.0-16.36.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | rpm-devel | < 4.8.0-16.36.amzn1 | rpm-devel-4.8.0-16.36.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | rpm-python | < 4.8.0-16.36.amzn1 | rpm-python-4.8.0-16.36.amzn1.x86_64.rpm |