CVE-2011-3378

Related Files

Ubuntu Security Notice USN-1695-1

Posted Jan 18, 2013

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1695-1 - It was discovered that RPM incorrectly handled certain package headers. If a user or automated system were tricked into installing a specially crafted RPM package, an attacker could cause RPM to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2011-3378, CVE-2012-0060, CVE-2012-0061, CVE-2012-0815

SHA-256 | 6ed9935c9f025dd952fa66e4029346a68a2ebc1e3fc480dae4564c72c2376d6b

Download | Favorite | View

Gentoo Linux Security Advisory 201206-26

Posted Jun 25, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-26 - Multiple vulnerabilities have been found in RPM, possibly allowing local attackers to gain elevated privileges or remote attackers to execute arbitrary code. Versions less than 4.9.1.3 are affected.

tags | advisory, remote, arbitrary, local, vulnerability

systems | linux, gentoo

advisories | CVE-2010-2059, CVE-2010-2197, CVE-2010-2198, CVE-2010-2199, CVE-2011-3378, CVE-2012-0060, CVE-2012-0061, CVE-2012-0815

SHA-256 | ab1825cda7c1f6e700c1cf9925ad6cba5cb080ac3b1c27843cc194156b51709d

Download | Favorite | View

Mandriva Linux Security Advisory 2011-143

Posted Oct 5, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-143 - Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. Additionally for Mandriva Linux 2009.0 and Mandriva Linux Enterprise Server 5 updated perl-URPM and lzma packages are being provided to support upgrading to Mandriva Linux 2011. The updated packages have been patched to correct these issues.

tags | advisory, arbitrary, perl

systems | linux, mandriva

advisories | CVE-2011-3378

SHA-256 | 9afe9111ff11f1fe617d84ce97c27e7f82377af4c75082382f765bcd773acb62

Download | Favorite | View

Red Hat Security Advisory 2011-1349-01

Posted Oct 3, 2011

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1349-01 - The RPM Package Manager is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. Note: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially-crafted RPM package to execute arbitrary code before its digital signature has been verified. Package downloads from the Red Hat Network remain secure due to certificate checks performed on the secure connection.

tags | advisory, arbitrary

systems | linux, redhat

advisories | CVE-2011-3378

SHA-256 | cd4cf859a3f4de5d858f9eb9b426cab9223d94eb4ca30c0bdda789361f169e39

Download | Favorite | View