Bug 384967 (CVE-2011-3378) - <app-arch/rpm-4.9.1.2 Region Offset Parsing Vulnerabilities (CVE-2011-3378)
Status: RESOLVED FIXED
Alias: CVE-2011-3378
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://secunia.com/advisories/46096/
Whiteboard: B2 [glsa]
Keywords:
Depends on: 406479
Blocks: CVE-2010-2059
Reported: 2011-09-29 18:44 UTC by Agostino Sarubbo
Modified: 2012-06-24 23:08 UTC
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2011-09-29 18:44:06 UTC
From Secunia security advisory at $URL:

Description:
1) A boundary error within the "headerLoad()" function (lib/header.c) when parsing region offsets can be exploited to cause a buffer overflow by tricking a user into e.g. checking signatures of a specially crafted RPM package.

2) An error within the "regionSwab()" function (lib/header.c) when parsing region offsets can be exploited to corrupt memory by tricking a user into e.g. checking signatures of a specially crafted RPM package.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

Solution:
Update to version 4.9.1.2.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-02-25 03:58:28 UTC
CVE-2011-3378 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3378):
  RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to
  cause a denial of service (memory corruption) and possibly execute arbitrary
  code via an rpm package with crafted headers and offsets that are not
  properly handled when a package is queried or installed, related to (1) the
  regionSwab function, (2) the headerLoad function, and (3) multiple functions
  in rpmio/rpmpgp.c.
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2012-03-01 18:01:08 UTC
Can we stabilize =app-arch/rpm-4.9.1.2?
Comment 3 Stanislav Ochotnicky (RETIRED) gentoo-dev 2012-03-01 20:43:15 UTC
Trouble is, rpm-4.9.1.2 has been in the tree only for a few days. I wanted it to get a bit more testing, but I guess something is better than nothing. Sadly, we didn't have any testing of newer rpms on several architectures where older rpm has been stabilized, so it will still affect users of those architectures.

I'll file a stabilization bug.
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2012-03-01 21:15:26 UTC
(In reply to comment #3)
> 
> I'll file a stabilization bug

Thank you. The preference is to do stabilization in the security bug itself. No need to change it this time, but just for future reference.
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-03-25 14:53:37 UTC
Stabilization completed in bug 406479. GLSA request filed.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2012-06-24 23:08:40 UTC
This issue was resolved and addressed in
 GLSA 201206-26 at http://security.gentoo.org/glsa/glsa-201206-26.xml
by GLSA coordinator Sean Amoss (ackle).