From Secunia security advisory at $URL:

Description:
1) A boundary error within the "headerLoad()" function (lib/header.c) when parsing region offsets can be exploited to cause a buffer overflow by tricking a user into e.g. checking signatures of a specially crafted RPM package.
2) An error within the "regionSwab()" function (lib/header.c) when parsing region offsets can be exploited to corrupt memory by tricking a user into e.g. checking signatures of a specially crafted RPM package.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

Solution: Update to version 4.9.1.2.
CVE-2011-3378 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3378): RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
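The advisory's "boundary error ... when parsing region offsets" is the class of flaw that the following added C example (not code from rpm, the advisory, or this bug) guards against: it validates a region entry's offsets before anything dereferences them. The header layout is a simplified model, and the name `check_region`, the size caps and the sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified model of an RPM header blob (assumption, not rpm's code):
 *   be32 il, be32 dl, il * 16-byte index entries {tag,type,offset,count},
 *   then dl bytes of data. A region entry (tag 61..63, type 7, count 16)
 *   points at a 16-byte trailer in the data area whose offset field is
 *   -(16 * number of index entries covered by the region). */
enum { ENTRY = 16, REGION_MIN = 61, REGION_MAX = 63, BIN_TYPE = 7 };
enum { MAX_IL = 0xFFFF, MAX_DL = 0x00FFFFFF };  /* caps chosen for this example */

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 if the region offsets are consistent, a negative code otherwise. */
int check_region(const unsigned char *blob, size_t len)
{
    if (len < 8) return -1;
    uint32_t il = be32(blob), dl = be32(blob + 4);
    if (il < 1 || il > MAX_IL || dl > MAX_DL) return -2;
    if (len - 8 != (size_t)il * ENTRY + dl) return -3;  /* sizes must match buffer */

    const unsigned char *pe = blob + 8;                  /* first index entry */
    const unsigned char *data = pe + (size_t)il * ENTRY;
    uint32_t tag = be32(pe), type = be32(pe + 4), off = be32(pe + 8), cnt = be32(pe + 12);
    if (tag < REGION_MIN || tag > REGION_MAX) return 0;  /* no region to validate */
    if (type != BIN_TYPE || cnt != ENTRY) return -4;
    /* The trailer must lie wholly inside the data area; the unsigned compare
     * also rejects negative offsets, which show up as huge values. */
    if (dl < ENTRY || off > dl - ENTRY) return -5;

    const unsigned char *tr = data + off;
    if (be32(tr) != tag || be32(tr + 4) != BIN_TYPE || be32(tr + 12) != ENTRY) return -6;
    /* Trailer offset is -(region length in bytes); negate in 64 bits. */
    int64_t rdl = -(int64_t)(int32_t)be32(tr + 8);
    if (rdl < ENTRY || rdl % ENTRY != 0 || rdl / ENTRY > il) return -7;
    return 0;
}

int main(void)
{   /* Constructed sample: one region entry (tag 63) and its trailer. */
    unsigned char ok[40] = { 0,0,0,1, 0,0,0,16,  0,0,0,63, 0,0,0,7, 0,0,0,0, 0,0,0,16,
                             0,0,0,63, 0,0,0,7, 0xFF,0xFF,0xFF,0xF0, 0,0,0,16 };
    printf("check_region: %d\n", check_region(ok, sizeof ok));
    return 0;
}
```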
Can we stabilize =app-arch/rpm-4.9.1.2?
Trouble is rpm-4.9.1.2 has been in the tree only for a few days. I wanted it to get a bit more testing, but I guess something is better than nothing. Sadly we didn't have any testing of newer rpms on several architectures where older rpm has been stabilized so it will still affect users of those architectures. I'll file a stabilization bug.
(In reply to comment #3)
> I'll file a stabilization bug

Thank you. The preference is to do stabilization in the security bug itself. No need to change it this time, but just for future reference.
Stabilization completed in bug 406479. GLSA request filed.
This issue was resolved and addressed in GLSA 201206-26 at http://security.gentoo.org/glsa/glsa-201206-26.xml by GLSA coordinator Sean Amoss (ackle).