Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2021:4464

Опубликовано: 09 нояб. 2021
Источник: rocky
Оценка: Moderate

Описание

Moderate: dnf security and bug fix update

dnf is a package manager that allows users to manage packages on their systems. It supports RPMs, modules and comps groups & environments.

Security Fix(es):

  • libdnf: Signature verification bypass via signature placed in the main RPM header (CVE-2021-3445)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
dnfnoarch4.el8dnf-4.7.0-4.el8.noarch.rpm
dnfnoarch4.el8dnf-4.7.0-4.el8.noarch.rpm
dnf-automaticnoarch4.el8dnf-automatic-4.7.0-4.el8.noarch.rpm
dnf-automaticnoarch4.el8dnf-automatic-4.7.0-4.el8.noarch.rpm
dnf-datanoarch4.el8dnf-data-4.7.0-4.el8.noarch.rpm
dnf-datanoarch4.el8dnf-data-4.7.0-4.el8.noarch.rpm
dnf-plugins-corenoarch3.el8dnf-plugins-core-4.0.21-3.el8.noarch.rpm
dnf-plugins-corenoarch3.el8dnf-plugins-core-4.0.21-3.el8.noarch.rpm
libdnfi6863.el8libdnf-0.63.0-3.el8.i686.rpm
libdnfx86_643.el8libdnf-0.63.0-3.el8.x86_64.rpm

Показывать по

Связанные CVE

CVE-2021-3445

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2021-3445

CVSS3: 7.5
ubuntu
больше 4 лет назад

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

redhat логотип

CVE-2021-3445

CVSS3: 6.4
redhat
почти 5 лет назад

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

nvd логотип

CVE-2021-3445

CVSS3: 7.5
nvd
больше 4 лет назад

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

msrc логотип

CVE-2021-3445

CVSS3: 7.5
msrc
больше 4 лет назад

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality integrity as well as system availability.

debian логотип

CVE-2021-3445

CVSS3: 7.5
debian
больше 4 лет назад

A flaw was found in libdnf's signature verification functionality in v ...