ELSA-2024-0463

Published: 25 Jan 2024
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2024-0463: rpm security update (MODERATE)

[4.16.1.3-27]

  • TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)
  • races with chown/chmod/capabilities calls during installation (CVE-2021-35938)
  • checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)

Updated packages

Oracle Linux 9

Oracle Linux aarch64

  • python3-rpm 4.16.1.3-27.el9_3
  • rpm 4.16.1.3-27.el9_3
  • rpm-apidocs 4.16.1.3-27.el9_3
  • rpm-build 4.16.1.3-27.el9_3
  • rpm-build-libs 4.16.1.3-27.el9_3
  • rpm-cron 4.16.1.3-27.el9_3
  • rpm-devel 4.16.1.3-27.el9_3
  • rpm-libs 4.16.1.3-27.el9_3
  • rpm-plugin-audit 4.16.1.3-27.el9_3
  • rpm-plugin-fapolicyd 4.16.1.3-27.el9_3
  • rpm-plugin-ima 4.16.1.3-27.el9_3
  • rpm-plugin-selinux 4.16.1.3-27.el9_3
  • rpm-plugin-syslog 4.16.1.3-27.el9_3
  • rpm-plugin-systemd-inhibit 4.16.1.3-27.el9_3
  • rpm-sign 4.16.1.3-27.el9_3
  • rpm-sign-libs 4.16.1.3-27.el9_3

Oracle Linux x86_64

  • python3-rpm 4.16.1.3-27.el9_3
  • rpm 4.16.1.3-27.el9_3
  • rpm-apidocs 4.16.1.3-27.el9_3
  • rpm-build 4.16.1.3-27.el9_3
  • rpm-build-libs 4.16.1.3-27.el9_3
  • rpm-cron 4.16.1.3-27.el9_3
  • rpm-devel 4.16.1.3-27.el9_3
  • rpm-libs 4.16.1.3-27.el9_3
  • rpm-plugin-audit 4.16.1.3-27.el9_3
  • rpm-plugin-fapolicyd 4.16.1.3-27.el9_3
  • rpm-plugin-ima 4.16.1.3-27.el9_3
  • rpm-plugin-selinux 4.16.1.3-27.el9_3
  • rpm-plugin-syslog 4.16.1.3-27.el9_3
  • rpm-plugin-systemd-inhibit 4.16.1.3-27.el9_3
  • rpm-sign 4.16.1.3-27.el9_3
  • rpm-sign-libs 4.16.1.3-27.el9_3

Related vulnerabilities

rocky
more than 1 year ago

Moderate: rpm security update

oracle-oval
more than 1 year ago

ELSA-2024-0647: rpm security update (MODERATE)

CVSS3: 6.5
redos
more than 1 year ago

Multiple vulnerabilities in rpm

CVSS3: 6.4
ubuntu
almost 3 years ago

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 6.3
redhat
about 4 years ago

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.