rpm security update (CVE-2011-3378)
Specially crafted rpm packages can cause memory corruption
in rpm when verifying signatures (CVE-2011-3378).
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5255
Fixed bugs
bnc#720824
VUL-0: rpm: crash on malformed header (headerLoad, invlid off)
CVE#CVE-2011-3378
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package
