Описание
ELSA-2021-4785: rpm security update (MODERATE)
[4.11.3-48]
- Fix double-free in previously added patch (#2004228)
[4.11.3-47]
- Improve range checks on signature and main header tags (#2004228)
- Fixes CVE-2021-20271
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
rpm
4.11.3-48.el7_9
rpm-apidocs
4.11.3-48.el7_9
rpm-build
4.11.3-48.el7_9
rpm-build-libs
4.11.3-48.el7_9
rpm-cron
4.11.3-48.el7_9
rpm-devel
4.11.3-48.el7_9
rpm-libs
4.11.3-48.el7_9
rpm-plugin-systemd-inhibit
4.11.3-48.el7_9
rpm-python
4.11.3-48.el7_9
rpm-sign
4.11.3-48.el7_9
Oracle Linux x86_64
rpm
4.11.3-48.el7_9
rpm-apidocs
4.11.3-48.el7_9
rpm-build
4.11.3-48.el7_9
rpm-build-libs
4.11.3-48.el7_9
rpm-cron
4.11.3-48.el7_9
rpm-devel
4.11.3-48.el7_9
rpm-libs
4.11.3-48.el7_9
rpm-plugin-systemd-inhibit
4.11.3-48.el7_9
rpm-python
4.11.3-48.el7_9
rpm-sign
4.11.3-48.el7_9
Связанные CVE
Связанные уязвимости
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package whose signature header was modified to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity confidentiality and system availability.
A flaw was found in RPM's signature check functionality when reading a ...