CVE-2011-3378 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-3378 Interim 1 17 2023-12-09T01:47:43Z current 2021-05-30T12:59:42Z 2023-12-09T01:47:43Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-3378 RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5UHBMAIHLC5EILJT3XQYYWE6BRFR64UB/#5UHBMAIHLC5EILJT3XQYYWE6BRFR64UB E-Mail link for SUSE-SU-2011:1140-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/B6SNVYORVQ6INI6GG6ORCOTL7H57JLQK/#B6SNVYORVQ6INI6GG6ORCOTL7H57JLQK E-Mail link for SUSE-SU-2011:1140-2 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O6BF6JGYOURZ25L2RHILUSCTEXFU3HGH/#O6BF6JGYOURZ25L2RHILUSCTEXFU3HGH E-Mail link for openSUSE-SU-2011:1203-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CPAGKK7EJTQSU67VZ5USWW33S43FAY3I/#CPAGKK7EJTQSU67VZ5USWW33S43FAY3I E-Mail link for openSUSE-SU-2011:1204-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SP1-TERADATA popt-1.7-37.29.29.1 popt-32bit-1.7-37.29.29.1 rpm-32bit-4.4.2.3-37.29.29.1 rpm-4.4.2.3-37.29.29.1 rpm-python-4.4.2.3-37.29.35.1 popt-1.7-37.29.29.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA popt-32bit-1.7-37.29.29.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA rpm-4.4.2.3-37.29.29.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA rpm-32bit-4.4.2.3-37.29.29.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA rpm-python-4.4.2.3-37.29.35.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. CVE-2011-3378 SUSE Linux Enterprise Server 11 SP1-TERADATA:popt-1.7-37.29.29.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:popt-32bit-1.7-37.29.29.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:rpm-4.4.2.3-37.29.29.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:rpm-32bit-4.4.2.3-37.29.29.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:rpm-python-4.4.2.3-37.29.35.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C