Amazon Linux 1 Security Advisory: ALAS-2011-14
Advisory Release Date: 2011-10-31 18:25 Pacific
Advisory Updated Date: 2014-09-14 14:33 Pacific
Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. (CVE-2011-3378)
Affected Packages:
rpm
Issue Correction:
Run yum update rpm to update your system.
i686:
rpm-devel-4.8.0-16.36.amzn1.i686
rpm-libs-4.8.0-16.36.amzn1.i686
rpm-apidocs-4.8.0-16.36.amzn1.i686
rpm-4.8.0-16.36.amzn1.i686
rpm-python-4.8.0-16.36.amzn1.i686
rpm-cron-4.8.0-16.36.amzn1.i686
rpm-build-4.8.0-16.36.amzn1.i686
rpm-debuginfo-4.8.0-16.36.amzn1.i686
src:
rpm-4.8.0-16.36.amzn1.src
x86_64:
rpm-devel-4.8.0-16.36.amzn1.x86_64
rpm-python-4.8.0-16.36.amzn1.x86_64
rpm-debuginfo-4.8.0-16.36.amzn1.x86_64
rpm-libs-4.8.0-16.36.amzn1.x86_64
rpm-apidocs-4.8.0-16.36.amzn1.x86_64
rpm-4.8.0-16.36.amzn1.x86_64
rpm-build-4.8.0-16.36.amzn1.x86_64
rpm-cron-4.8.0-16.36.amzn1.x86_64