Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Scientific Linux: Important RPM Update for Critical Security Issue

Calendar Oct 04, 2011 User Avatar LinuxSecurity Advisories
3 - 5 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory security update package management important security issue Scientific Linux RPM software i386 x86_64
Important: rpm security update 
Date: Tue, 4 Oct 2011 09:00:02 -0500
Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: rpm on SL4.x, SL5.x, SL6.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis: Important: rpm security update
Issue Date: 2011-10-03
CVE Numbers: CVE-2011-3378

The RPM Package Manager (RPM) is a command line driven package management
system capable of installing, uninstalling, verifying, querying, and
updating software packages.

Multiple flaws were found in the way the RPM library parsed package
headers. An attacker could create a specially-crafted RPM package that,
when queried or installed, would cause rpm to crash or, potentially,
execute arbitrary code. (CVE-2011-3378)

Note: Although an RPM package can, by design, execute arbitrary code when
installed, this issue would allow a specially-crafted RPM package to
execute arbitrary code before its digital signature has been verified.

All RPM users should upgrade to these updated packages, which contain a
backported patch to correct these issues. All running applications linked
against the RPM library must be restarted for this update to take effect.

SL4:
 i386
 rpm-devel-4.3.3-35_nonptl.el4.i386.rpm
 rpm-python-4.3.3-35_nonptl.el4.i386.rpm
 rpm-debuginfo-4.3.3-35_nonptl.el4.i386.rpm
 rpm-libs-4.3.3-35_nonptl.el4.i386.rpm
 rpm-build-4.3.3-35_nonptl.el4.i386.rpm
 popt-1.9.1-35_nonptl.el4.i386.rpm
 rpm-4.3.3-35_nonptl.el4.i386.rpm
 x86_64
 popt-1.9.1-35_nonptl.el4.x86_64.rpm
 rpm-build-4.3.3-35_nonptl.el4.x86_64.rpm
 rpm-libs-4.3.3-35_nonptl.el4.i386.rpm
 rpm-4.3.3-35_nonptl.el4.x86_64.rpm
 rpm-devel-4.3.3-35_nonptl.el4.x86_64.rpm
 rpm-debuginfo-4.3.3-35_nonptl.el4.i386.rpm
 rpm-debuginfo-4.3.3-35_nonptl.el4.x86_64.rpm
 popt-1.9.1-35_nonptl.el4.i386.rpm
 rpm-libs-4.3.3-35_nonptl.el4.x86_64.rpm
 rpm-python-4.3.3-35_nonptl.el4.x86_64.rpm
SL5:
 i386
 popt-1.10.2.3-22.el5_7.2.i386.rpm
 rpm-4.4.2.3-22.el5_7.2.i386.rpm
 rpm-apidocs-4.4.2.3-22.el5_7.2.i386.rpm
 rpm-build-4.4.2.3-22.el5_7.2.i386.rpm
 rpm-libs-4.4.2.3-22.el5_7.2.i386.rpm
 rpm-devel-4.4.2.3-22.el5_7.2.i386.rpm
 rpm-debuginfo-4.4.2.3-22.el5_7.2.i386.rpm
 rpm-python-4.4.2.3-22.el5_7.2.i386.rpm
 x86_64
 rpm-devel-4.4.2.3-22.el5_7.2.i386.rpm
 rpm-devel-4.4.2.3-22.el5_7.2.x86_64.rpm
 rpm-debuginfo-4.4.2.3-22.el5_7.2.i386.rpm
 rpm-python-4.4.2.3-22.el5_7.2.x86_64.rpm
 rpm-libs-4.4.2.3-22.el5_7.2.x86_64.rpm
 rpm-build-4.4.2.3-22.el5_7.2.x86_64.rpm
 rpm-debuginfo-4.4.2.3-22.el5_7.2.x86_64.rpm
 rpm-apidocs-4.4.2.3-22.el5_7.2.x86_64.rpm
 rpm-4.4.2.3-22.el5_7.2.x86_64.rpm
 rpm-libs-4.4.2.3-22.el5_7.2.i386.rpm
 popt-1.10.2.3-22.el5_7.2.x86_64.rpm
 popt-1.10.2.3-22.el5_7.2.i386.rpm
SL6:
 i386
 rpm-libs-4.8.0-16.el6_1.1.i686.rpm
 rpm-debuginfo-4.8.0-16.el6_1.1.i686.rpm
 rpm-python-4.8.0-16.el6_1.1.i686.rpm
 rpm-devel-4.8.0-16.el6_1.1.i686.rpm
 rpm-build-4.8.0-16.el6_1.1.i686.rpm
 rpm-4.8.0-16.el6_1.1.i686.rpm
 noarch
 rpm-cron-4.8.0-16.el6_1.1.noarch.rpm
 rpm-apidocs-4.8.0-16.el6_1.1.noarch.rpm
 x86_64
 rpm-libs-4.8.0-16.el6_1.1.x86_64.rpm
 rpm-libs-4.8.0-16.el6_1.1.i686.rpm
 rpm-devel-4.8.0-16.el6_1.1.x86_64.rpm
 rpm-devel-4.8.0-16.el6_1.1.i686.rpm
 rpm-debuginfo-4.8.0-16.el6_1.1.x86_64.rpm
 rpm-debuginfo-4.8.0-16.el6_1.1.i686.rpm
 rpm-4.8.0-16.el6_1.1.x86_64.rpm
 rpm-build-4.8.0-16.el6_1.1.x86_64.rpm
 rpm-python-4.8.0-16.el6_1.1.x86_64.rpm

- Scientific Linux Development Team

Related News

Your message here