ALAS-2011-014


Amazon Linux AMI Security Advisory: ALAS-2011-14
Advisory Release Date: 2014-09-14 14:33 Pacific
Severity: Medium

Issue Overview:

Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. (CVE-2011-3378 )


Affected Packages:

rpm


Issue Correction:
Run yum update rpm to update your system.

New Packages:
i686:
    rpm-devel-4.8.0-16.36.amzn1.i686
    rpm-libs-4.8.0-16.36.amzn1.i686
    rpm-apidocs-4.8.0-16.36.amzn1.i686
    rpm-4.8.0-16.36.amzn1.i686
    rpm-python-4.8.0-16.36.amzn1.i686
    rpm-cron-4.8.0-16.36.amzn1.i686
    rpm-build-4.8.0-16.36.amzn1.i686
    rpm-debuginfo-4.8.0-16.36.amzn1.i686

src:
    rpm-4.8.0-16.36.amzn1.src

x86_64:
    rpm-devel-4.8.0-16.36.amzn1.x86_64
    rpm-python-4.8.0-16.36.amzn1.x86_64
    rpm-debuginfo-4.8.0-16.36.amzn1.x86_64
    rpm-libs-4.8.0-16.36.amzn1.x86_64
    rpm-apidocs-4.8.0-16.36.amzn1.x86_64
    rpm-4.8.0-16.36.amzn1.x86_64
    rpm-build-4.8.0-16.36.amzn1.x86_64
    rpm-cron-4.8.0-16.36.amzn1.x86_64