ELSA-2021-4489

Published: 16 Nov 2021
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2021-4489: rpm security, bug fix, and enhancement update (LOW)

[4.14.3-19]

  • Unbreak in-tree kmod strip by reverting brp-strip fix (#1967291)

[4.14.3-18]

  • Address important covscan issues (#1996665), vol. 2

[4.14.3-17]

  • Address important covscan issues (#1996665)

[4.14.3-16]

  • Add support for read-only sqlite rpmdb (#1938928)
  • Drop compat .decode() method from returned Py3 strings (#1840142)

[4.14.3-15]

  • Add out-of-bounds checks to hdrblobInit() (#1929445)
  • Fixes CVE-2021-20266
  • Fix regression in brp-strip causing kmods to lose SecureBoot sig (#1967291)

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • python3-rpm 4.14.3-19.el8
  • rpm 4.14.3-19.el8
  • rpm-apidocs 4.14.3-19.el8
  • rpm-build 4.14.3-19.el8
  • rpm-build-libs 4.14.3-19.el8
  • rpm-cron 4.14.3-19.el8
  • rpm-devel 4.14.3-19.el8
  • rpm-libs 4.14.3-19.el8
  • rpm-plugin-fapolicyd 4.14.3-19.el8
  • rpm-plugin-ima 4.14.3-19.el8
  • rpm-plugin-prioreset 4.14.3-19.el8
  • rpm-plugin-selinux 4.14.3-19.el8
  • rpm-plugin-syslog 4.14.3-19.el8
  • rpm-plugin-systemd-inhibit 4.14.3-19.el8
  • rpm-sign 4.14.3-19.el8

Oracle Linux x86_64

  • python3-rpm 4.14.3-19.el8
  • rpm 4.14.3-19.el8
  • rpm-apidocs 4.14.3-19.el8
  • rpm-build 4.14.3-19.el8
  • rpm-build-libs 4.14.3-19.el8
  • rpm-cron 4.14.3-19.el8
  • rpm-devel 4.14.3-19.el8
  • rpm-libs 4.14.3-19.el8
  • rpm-plugin-fapolicyd 4.14.3-19.el8
  • rpm-plugin-ima 4.14.3-19.el8
  • rpm-plugin-prioreset 4.14.3-19.el8
  • rpm-plugin-selinux 4.14.3-19.el8
  • rpm-plugin-syslog 4.14.3-19.el8
  • rpm-plugin-systemd-inhibit 4.14.3-19.el8
  • rpm-sign 4.14.3-19.el8

Related CVEs

Related vulnerabilities

CVSS3: 4.9
ubuntu
almost 5 years ago

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

CVSS3: 3.1
redhat
almost 5 years ago

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

CVSS3: 4.9
nvd
almost 5 years ago

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

CVSS3: 4.9
msrc
more than 4 years ago

No description available

CVSS3: 4.9
debian
almost 5 years ago

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw all ...