In RHEL 9/10, the affected RPM versions are rpm-4.16.1.3-39.el9.x86_64 and rpm-4.19.1.1-20.el10.x86_64, respectively, or above. For other RPM-based operating systems, use the readelf command to check which OpenSSL version the RPM library is compiled against.
 

Below is a sample:

[user@machine bin]$ sudo readelf --version-info /usr/lib64/librpmio.so.9
Version symbols section '.gnu.version' contains 550 entries:
Addr: 0x0000000000005b0c Offset: 0x00005b0c Link: 5 (.dynsym)
000: 0 (local) 2 (GLIBC_2.3.4) 3 (GLIBC_2.2.5) 1 (global)
004: 4 (OPENSSL_3.0.0) 3 (GLIBC_2.2.5) 5 (GLIBC_2.34) 1 (global)
・・・
Version needs section '.gnu.version_r' contains 5 entries:
Addr: 0x0000000000005f58 Offset: 0x00005f58 Link: 6 (.dynstr)
000000: Version: 1 File: ld-linux-x86-64.so.2 Cnt: 1
0x0010: Name: GLIBC_2.3 Flags: none Version: 14
0x0020: Version: 1 File: libpopt.so.0 Cnt: 1
0x0030: Name: LIBPOPT_0 Flags: none Version: 13
0x0040: Version: 1 File: liblzma.so.5 Cnt: 2
0x0050: Name: XZ_5.2 Flags: none Version: 17
0x0060: Name: XZ_5.0 Flags: none Version: 8
0x0070: Version: 1 File: libcrypto.so.3 Cnt: 1
0x0080: Name: OPENSSL_3.0.0 Flags: none Version: 4
0x0090: Version: 1 File: libc.so.6 Cnt: 11
0x00a0: Name: GLIBC_2.17 Flags: none Version: 16
0x00b0: Name: GLIBC_2.15 Flags: none Version: 15
0x00c0: Name: GLIBC_2.4 Flags: none Version: 12
0x00d0: Name: GLIBC_2.3 Flags: none Version: 11
0x00e0: Name: GLIBC_2.33 Flags: none Version: 10
0x00f0: Name: GLIBC_2.14 Flags: none Version: 9
0x0100: Name: GLIBC_2.32 Flags: none Version: 7
0x0110: Name: GLIBC_2.6 Flags: none Version: 6
0x0120: Name: GLIBC_2.34 Flags: none Version: 5
0x0130: Name: GLIBC_2.2.5 Flags: none Version: 3
0x0140: Name: GLIBC_2.3.4 Flags: none Version: 2
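
The same check can be scripted for use across several hosts. The following is an added example, not part of the original article or of any Trend Micro tooling: the function names `openssl_needs` and `sample_output` are hypothetical, matching `libssl` as well as `libcrypto` is an assumption, and the embedded sample is a shortened copy of the output above.

```shell
#!/bin/sh
# Added example: report which OpenSSL symbol versions a library requires,
# based on the "Version needs" section of `readelf --version-info` output.

# Reads readelf --version-info text on stdin and prints "<file> <version>"
# for every version need that belongs to libcrypto or libssl.
openssl_needs() {
    awk '
        /^Version (symbols|definition) section/ { in_needs = 0 }
        /Version needs section/ { in_needs = 1; next }
        # A "File:" line starts the needs of one shared library.
        in_needs && /File:/ {
            for (i = 1; i < NF; i++) if ($i == "File:") file = $(i + 1)
            next
        }
        # "Name:" lines list the version tags required from that library.
        in_needs && /Name:/ && file ~ /^lib(crypto|ssl)\.so/ {
            for (i = 1; i < NF; i++) if ($i == "Name:") print file, $(i + 1)
        }
    '
}

# Constructed sample: shortened copy of the readelf output shown above.
sample_output() {
    cat <<'EOF'
Version symbols section '.gnu.version' contains 550 entries:
004: 4 (OPENSSL_3.0.0) 3 (GLIBC_2.2.5) 5 (GLIBC_2.34) 1 (global)
Version needs section '.gnu.version_r' contains 5 entries:
000000: Version: 1 File: ld-linux-x86-64.so.2 Cnt: 1
0x0010: Name: GLIBC_2.3 Flags: none Version: 14
0x0070: Version: 1 File: libcrypto.so.3 Cnt: 1
0x0080: Name: OPENSSL_3.0.0 Flags: none Version: 4
0x0090: Version: 1 File: libc.so.6 Cnt: 11
0x00a0: Name: GLIBC_2.17 Flags: none Version: 16
EOF
}

# With a readable library path as the first argument, inspect that file;
# otherwise run against the constructed sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    readelf --version-info "$1" | openssl_needs
else
    sample_output | openssl_needs
fi
```

An empty result means the library has no versioned dependency on libcrypto or libssl.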

The fix for this issue is delivered in the Trend Vision One™ Endpoint Security agent version 202512 release (DSA: 20.0.2-29760, xES: 3.0.0.8173). As a workaround, users who are unable to upgrade to that agent build are advised not to update the RPM package, or to roll back the update if it has already been applied.
