Описание
ELSA-2021-2574: rpm security update (MODERATE)
[4.14.3-14]
- Be more careful about copying data from signature header (#1958477)
- Fixes CVE-2021-20271
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
python3-rpm
4.14.3-14.el8_4
rpm
4.14.3-14.el8_4
rpm-apidocs
4.14.3-14.el8_4
rpm-build
4.14.3-14.el8_4
rpm-build-libs
4.14.3-14.el8_4
rpm-cron
4.14.3-14.el8_4
rpm-devel
4.14.3-14.el8_4
rpm-libs
4.14.3-14.el8_4
rpm-plugin-fapolicyd
4.14.3-14.el8_4
rpm-plugin-ima
4.14.3-14.el8_4
rpm-plugin-prioreset
4.14.3-14.el8_4
rpm-plugin-selinux
4.14.3-14.el8_4
rpm-plugin-syslog
4.14.3-14.el8_4
rpm-plugin-systemd-inhibit
4.14.3-14.el8_4
rpm-sign
4.14.3-14.el8_4
Oracle Linux x86_64
python3-rpm
4.14.3-14.el8_4
rpm
4.14.3-14.el8_4
rpm-apidocs
4.14.3-14.el8_4
rpm-build
4.14.3-14.el8_4
rpm-build-libs
4.14.3-14.el8_4
rpm-cron
4.14.3-14.el8_4
rpm-devel
4.14.3-14.el8_4
rpm-libs
4.14.3-14.el8_4
rpm-plugin-fapolicyd
4.14.3-14.el8_4
rpm-plugin-ima
4.14.3-14.el8_4
rpm-plugin-prioreset
4.14.3-14.el8_4
rpm-plugin-selinux
4.14.3-14.el8_4
rpm-plugin-syslog
4.14.3-14.el8_4
rpm-plugin-systemd-inhibit
4.14.3-14.el8_4
rpm-sign
4.14.3-14.el8_4
Связанные CVE
Связанные уязвимости
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package whose signature header was modified to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity confidentiality and system availability.
A flaw was found in RPM's signature check functionality when reading a ...