Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2011-014
HistoryOct 31, 2011 - 6:25 p.m.

Medium: rpm

2011-10-3118:25:00
alas.aws.amazon.com
17

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.061 Low

EPSS

Percentile

93.6%

JSON

Issue Overview:

Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. (CVE-2011-3378)

Affected Packages:

rpm

Issue Correction:
Run yum update rpm to update your system.

New Packages:

i686:  
    rpm-devel-4.8.0-16.36.amzn1.i686  
    rpm-libs-4.8.0-16.36.amzn1.i686  
    rpm-apidocs-4.8.0-16.36.amzn1.i686  
    rpm-4.8.0-16.36.amzn1.i686  
    rpm-python-4.8.0-16.36.amzn1.i686  
    rpm-cron-4.8.0-16.36.amzn1.i686  
    rpm-build-4.8.0-16.36.amzn1.i686  
    rpm-debuginfo-4.8.0-16.36.amzn1.i686  
  
src:  
    rpm-4.8.0-16.36.amzn1.src  
  
x86_64:  
    rpm-devel-4.8.0-16.36.amzn1.x86_64  
    rpm-python-4.8.0-16.36.amzn1.x86_64  
    rpm-debuginfo-4.8.0-16.36.amzn1.x86_64  
    rpm-libs-4.8.0-16.36.amzn1.x86_64  
    rpm-apidocs-4.8.0-16.36.amzn1.x86_64  
    rpm-4.8.0-16.36.amzn1.x86_64  
    rpm-build-4.8.0-16.36.amzn1.x86_64  
    rpm-cron-4.8.0-16.36.amzn1.x86_64

Additional References

Red Hat: CVE-2011-3378

Mitre: CVE-2011-3378

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686rpm-devel< 4.8.0-16.36.amzn1rpm-devel-4.8.0-16.36.amzn1.i686.rpm
Amazon Linux1i686rpm-libs< 4.8.0-16.36.amzn1rpm-libs-4.8.0-16.36.amzn1.i686.rpm
Amazon Linux1i686rpm-apidocs< 4.8.0-16.36.amzn1rpm-apidocs-4.8.0-16.36.amzn1.i686.rpm
Amazon Linux1i686rpm< 4.8.0-16.36.amzn1rpm-4.8.0-16.36.amzn1.i686.rpm
Amazon Linux1i686rpm-python< 4.8.0-16.36.amzn1rpm-python-4.8.0-16.36.amzn1.i686.rpm
Amazon Linux1i686rpm-cron< 4.8.0-16.36.amzn1rpm-cron-4.8.0-16.36.amzn1.i686.rpm
Amazon Linux1i686rpm-build< 4.8.0-16.36.amzn1rpm-build-4.8.0-16.36.amzn1.i686.rpm
Amazon Linux1i686rpm-debuginfo< 4.8.0-16.36.amzn1rpm-debuginfo-4.8.0-16.36.amzn1.i686.rpm
Amazon Linux1x86_64rpm-devel< 4.8.0-16.36.amzn1rpm-devel-4.8.0-16.36.amzn1.x86_64.rpm
Amazon Linux1x86_64rpm-python< 4.8.0-16.36.amzn1rpm-python-4.8.0-16.36.amzn1.x86_64.rpm
Rows per page:
1-10 of 161

Related

oraclelinux 1
nessus 20
openvas 28
prion 1
suse 3
fedora 3
securityvulns 2
ubuntucve 1
cvelist 1
nvd 1
redhat 2
veracode 1
cve 1
centos 1
debiancve 1
ubuntu 1
gentoo 1
vmware 2
oraclelinux
oraclelinux
rpm security update
2011-10-04 00:00:00
nessus
nessus
Fedora 15 : rpm-4.9.1.2-1.fc15 (2011-13785)
2011-10-12 00:00:00
Amazon Linux AMI : rpm (ALAS-2011-14)
2013-09-04 00:00:00
Mandriva Linux Security Advisory : rpm (MDVSA-2011:143)
2011-10-06 00:00:00
openvas
openvas
Fedora Update for rpm FEDORA-2011-13766
2012-04-02 00:00:00
CentOS Update for popt CESA-2011:1349 centos4 x86_64
2012-07-30 00:00:00
CentOS Update for popt CESA-2011:1349 centos5 x86_64
2012-07-30 00:00:00
prion
prion
Memory corruption
2011-12-24 19:55:00
suse
suse
Security update for popt (important)
2011-10-17 20:08:22
Security update for popt (important)
2011-11-02 23:08:26
rpm (CVE-2011-3378) (important)
2011-11-02 20:08:26
fedora
fedora
[SECURITY] Fedora 15 Update: rpm-4.9.1.2-1.fc15
2011-10-11 08:27:39
[SECURITY] Fedora 16 Update: rpm-4.9.1.2-1.fc16
2011-10-09 19:40:11
[SECURITY] Fedora 15 Update: rpm-4.9.1.3-1.fc15
2012-04-22 03:24:37
securityvulns
securityvulns
[ MDVSA-2011:143 ] rpm
2011-10-10 00:00:00
rpm multiple security vulnerabilities
2011-10-10 00:00:00
ubuntucve
ubuntucve
CVE-2011-3378
2011-12-24 00:00:00
cvelist
cvelist
CVE-2011-3378
2011-12-24 19:00:00
nvd
nvd
CVE-2011-3378
2011-12-24 19:55:01
redhat
redhat
(RHSA-2011:1349) Important: rpm security update
2011-10-03 00:00:00
(RHSA-2011:1408) Moderate: rhev-hypervisor security update
2011-10-26 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:03:00
cve
cve
CVE-2011-3378
2011-12-24 19:55:01
centos
centos
popt, rpm security update
2011-10-03 21:56:34
debiancve
debiancve
CVE-2011-3378
2011-12-24 19:55:01
ubuntu
ubuntu
RPM vulnerabilities
2013-01-17 00:00:00
gentoo
gentoo
RPM: Multiple vulnerabilities
2012-06-24 00:00:00
vmware
vmware
VMware ESXi and ESX updates to third party library and ESX Service Console
2012-01-30 00:00:00
VMware ESXi and ESX updates to third party library and ESX Service Console
2012-01-30 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.061 Low

EPSS

Percentile

93.6%

JSON
Related for ALAS-2011-014
oraclelinux1nessus20openvas28prion1suse3fedora3securityvulns2ubuntucve1cvelist1nvd1redhat2veracode1cve1centos1debiancve1ubuntu1gentoo1vmware2