Mandriva Update For Rpm MDVSA-2011:143 (rpm) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code (CVE-2011-3378). Additionally for Mandriva Linux 2009.0 and Mandriva Linux Enterprise Server 5 updated perl-URPM and lzma (xz v5) packages are being provided to support upgrading to Mandriva Linux 2011. The updated packages have been patched to correct these issues.

Affected

rpm on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2011-3378
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:173 (pidgin)
Mandrake Security Advisory MDVSA-2009:113 (cyrus-sasl)
Mandrake Security Advisory MDVSA-2009:013 (mplayer)
Mandrake Security Advisory MDVSA-2009:019 (imlib2)
Mandrake Security Advisory MDVSA-2009:049 (pycrypto)

Mandriva Update for rpm MDVSA-2011:143 (rpm)

Take action and discover your vulnerabilities