SUSE-SU-2021:2682-1

Опубликовано: 12 авг. 2021

Источник: suse-cvrf

Описание

Security update for rpm

This update for rpm fixes the following issues:

Changed default package verification level to 'none' to be compatible to rpm-4.14.1
Made illegal obsoletes a warning
Fixed a potential access of freed mem in ndb's glue code (bsc#1179416)
Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817)
Added :humansi and :hmaniec query formatters for human readable output
Added query selectors for whatobsoletes and whatconflicts
Added support for sorting caret higher than base version
rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805)

Security fixes:

CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543)
CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545)
CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

Список пакетов

Container bci/bci-init:15.3

rpm-ndb-4.14.3-37.2

Container bci/bci-minimal:15.3

rpm-ndb-4.14.3-37.2

Container bci/dotnet-aspnet:3.1

rpm-ndb-4.14.3-37.2

Container bci/dotnet-aspnet:5.0

rpm-ndb-4.14.3-37.2

Container bci/dotnet-aspnet:6.0

rpm-ndb-4.14.3-37.2

Container bci/dotnet-aspnet:latest

rpm-ndb-4.14.3-37.2

Container bci/dotnet-runtime:3.1

rpm-ndb-4.14.3-37.2

Container bci/dotnet-runtime:5.0

rpm-ndb-4.14.3-37.2

Container bci/dotnet-runtime:6.0

rpm-ndb-4.14.3-37.2

Container bci/dotnet-runtime:latest

rpm-ndb-4.14.3-37.2

Container bci/dotnet-sdk:3.1

rpm-ndb-4.14.3-37.2

Container bci/dotnet-sdk:5.0

rpm-ndb-4.14.3-37.2

Container bci/dotnet-sdk:6.0

rpm-ndb-4.14.3-37.2

Container bci/dotnet-sdk:latest

rpm-ndb-4.14.3-37.2

Container bci/golang:1.16

rpm-ndb-4.14.3-37.2

Container bci/golang:1.17

rpm-ndb-4.14.3-37.2

Container bci/golang:1.18

rpm-ndb-4.14.3-37.2

Container bci/golang:1.19

rpm-ndb-4.14.3-37.2

Container bci/golang:latest

rpm-ndb-4.14.3-37.2

Container bci/node:12

rpm-ndb-4.14.3-37.2

Container bci/node:14

rpm-ndb-4.14.3-37.2

Container bci/node:16

rpm-ndb-4.14.3-37.2

Container bci/nodejs:latest

rpm-ndb-4.14.3-37.2

Container bci/openjdk-devel:11

rpm-ndb-4.14.3-37.2

Container bci/openjdk-devel:latest

rpm-ndb-4.14.3-37.2

Container bci/openjdk:11

rpm-ndb-4.14.3-37.2

Container bci/openjdk:latest

rpm-ndb-4.14.3-37.2

Container bci/php-apache:8

rpm-ndb-4.14.3-37.2

Container bci/php-fpm:8

rpm-ndb-4.14.3-37.2

Container bci/php:8

rpm-ndb-4.14.3-37.2

Container bci/python:3

rpm-ndb-4.14.3-37.2

Container bci/python:latest

rpm-ndb-4.14.3-37.2

Container bci/ruby:latest

rpm-ndb-4.14.3-37.2

Container bci/rust:1.59

rpm-ndb-4.14.3-37.2

Container bci/rust:1.60

rpm-ndb-4.14.3-37.2

Container bci/rust:1.61

rpm-ndb-4.14.3-37.2

Container bci/rust:1.62

rpm-ndb-4.14.3-37.2

Container bci/rust:1.63

rpm-ndb-4.14.3-37.2

Container bci/rust:1.64

rpm-ndb-4.14.3-37.2

Container bci/rust:1.65

rpm-ndb-4.14.3-37.2

Container bci/rust:1.66

rpm-ndb-4.14.3-37.2

Container bci/rust:1.67

rpm-ndb-4.14.3-37.2

Container bci/rust:1.68

rpm-ndb-4.14.3-37.2

Container bci/rust:latest

rpm-ndb-4.14.3-37.2

Container ses/7.1/ceph/grafana:latest

rpm-ndb-4.14.3-37.2

Container ses/7.1/ceph/haproxy:latest

rpm-ndb-4.14.3-37.2

Container ses/7.1/ceph/keepalived:latest

rpm-ndb-4.14.3-37.2

Container ses/7.1/ceph/prometheus-alertmanager:latest

rpm-ndb-4.14.3-37.2

Container ses/7.1/ceph/prometheus-node-exporter:latest

rpm-ndb-4.14.3-37.2

Container ses/7.1/ceph/prometheus-server:latest

rpm-ndb-4.14.3-37.2

Container ses/7.1/ceph/prometheus-snmp_notifier:latest

rpm-ndb-4.14.3-37.2

Container ses/7.1/cephcsi/cephcsi:latest

rpm-ndb-4.14.3-37.2

Container ses/7.1/cephcsi/csi-attacher:v4.1.0

rpm-ndb-4.14.3-37.2

Container ses/7.1/cephcsi/csi-node-driver-registrar:v2.7.0

rpm-ndb-4.14.3-37.2

Container ses/7.1/cephcsi/csi-provisioner:v3.4.0

rpm-ndb-4.14.3-37.2

Container ses/7.1/cephcsi/csi-resizer:v1.7.0

rpm-ndb-4.14.3-37.2

Container ses/7.1/cephcsi/csi-snapshotter:v6.2.1

rpm-ndb-4.14.3-37.2

Container ses/7.1/rook/ceph:latest

rpm-ndb-4.14.3-37.2

Container suse/389-ds:latest

rpm-ndb-4.14.3-37.2

Container suse/ltss/sle15.3/bci-base:latest

rpm-ndb-4.14.3-37.2

Container suse/postgres:12

rpm-ndb-4.14.3-37.2

Container suse/postgres:13

rpm-ndb-4.14.3-37.2

Container suse/postgres:14

rpm-ndb-4.14.3-37.2

Container suse/postgres:latest

rpm-ndb-4.14.3-37.2

Container suse/rmt-mariadb-client:latest

rpm-ndb-4.14.3-37.2

Container suse/rmt-mariadb:latest

rpm-ndb-4.14.3-37.2

Container suse/rmt-nginx:latest

rpm-ndb-4.14.3-37.2

Container suse/rmt-server:latest

rpm-ndb-4.14.3-37.2

Container suse/sle-micro-rancher/5.2:latest

rpm-ndb-4.14.3-37.2

Container suse/sle-micro/5.1/toolbox:latest

rpm-ndb-4.14.3-37.2

Container suse/sle-micro/5.2/toolbox:latest

rpm-ndb-4.14.3-37.2

Container suse/sle15:15.3

rpm-ndb-4.14.3-37.2

Container trento/trento-runner:latest

python3-rpm-4.14.3-37.2

Image SLES15-SP3-BYOS-Azure

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-BYOS-EC2-HVM

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-BYOS-GCE

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-CHOST-BYOS-Aliyun

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-CHOST-BYOS-Azure

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-CHOST-BYOS-EC2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-CHOST-BYOS-GCE

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-EC2-ECS-HVM

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-EC2-HVM

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-GCE

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-HPC-Azure

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-HPC-BYOS-Azure

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-HPC-BYOS-EC2-HVM

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-HPC-BYOS-GCE

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

python2-rpm-4.14.3-37.2

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

python2-rpm-4.14.3-37.2

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

python2-rpm-4.14.3-37.2

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-Micro-5-1-BYOS-Azure

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-Micro-5-1-BYOS-GCE

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-Micro-5-2-BYOS-Azure

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-Micro-5-2-BYOS-GCE

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-Micro-BYOS-GCE

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-SAP-Azure

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-SAP-BYOS-Azure

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-SAP-BYOS-EC2-HVM

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-SAP-BYOS-GCE

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-SAP-EC2-HVM

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-SAP-GCE

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-SAPCAL-Azure

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-SAPCAL-EC2-HVM

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP3-SAPCAL-GCE

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP4

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP4-Azure-Basic

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP4-Azure-Standard

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP4-EC2

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP4-EC2-ECS-HVM

rpm-ndb-4.14.3-37.2

Image SLES15-SP4-GCE

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP4-HPC

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP4-HPC-Azure

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP4-Micro-5-3-Azure

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP4-Micro-5-3-GCE

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP4-Micro-5-4-Azure

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP4-SAP-Hardened-EC2

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2-HVM

rpm-ndb-4.14.3-37.2

Image SLES15-SP5-EC2-ECS-HVM

rpm-ndb-4.14.3-37.2

Image SLES15-SP5-HPC-EC2

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP5-HPC-GCE

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP5-SAP-Azure

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP5-SAP-EC2

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP5-SAP-GCE

python3-rpm-4.14.3-37.2

rpm-build-4.14.3-37.2

rpm-ndb-4.14.3-37.2

Image SLES15-SP5-SAP-Hardened-EC2

python3-rpm-4.14.3-37.2

rpm-ndb-4.14.3-37.2

SUSE Linux Enterprise Module for Basesystem 15 SP3

python3-rpm-4.14.3-37.2

rpm-4.14.3-37.2

rpm-32bit-4.14.3-37.2

rpm-devel-4.14.3-37.2

SUSE Linux Enterprise Module for Development Tools 15 SP3

rpm-build-4.14.3-37.2

SUSE Linux Enterprise Module for Public Cloud 15 SP3

rpm-ndb-4.14.3-37.2

SUSE Linux Enterprise Module for Python 2 15 SP3

python2-rpm-4.14.3-37.2

SUSE Manager Proxy Module 4.2

rpm-build-4.14.3-37.2

SUSE Manager Server Module 4.2

rpm-build-4.14.3-37.2

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20212682-1/
Link for SUSE-SU-2021:2682-1
https://lists.suse.com/pipermail/sle-security-updates/2021-August/009290.html
E-Mail link for SUSE-SU-2021:2682-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1179416
SUSE Bug 1179416
https://bugzilla.suse.com/1181805
SUSE Bug 1181805
https://bugzilla.suse.com/1183543
SUSE Bug 1183543
https://bugzilla.suse.com/1183545
SUSE Bug 1183545
https://www.suse.com/security/cve/CVE-2021-20266/
SUSE CVE CVE-2021-20266 page
https://www.suse.com/security/cve/CVE-2021-20271/
SUSE CVE CVE-2021-20271 page
https://www.suse.com/security/cve/CVE-2021-3421/
SUSE CVE CVE-2021-3421 page

Описание

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

Затронутые продукты

Container bci/bci-init:15.3:rpm-ndb-4.14.3-37.2

Container bci/bci-minimal:15.3:rpm-ndb-4.14.3-37.2

Container bci/dotnet-aspnet:3.1:rpm-ndb-4.14.3-37.2

Container bci/dotnet-aspnet:5.0:rpm-ndb-4.14.3-37.2

Ссылки

https://www.suse.com/security/cve/CVE-2021-20266.html
CVE-2021-20266
https://bugzilla.suse.com/1183632
SUSE Bug 1183632

Описание

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Затронутые продукты

Container bci/bci-init:15.3:rpm-ndb-4.14.3-37.2

Container bci/bci-minimal:15.3:rpm-ndb-4.14.3-37.2

Container bci/dotnet-aspnet:3.1:rpm-ndb-4.14.3-37.2

Container bci/dotnet-aspnet:5.0:rpm-ndb-4.14.3-37.2

Ссылки

https://www.suse.com/security/cve/CVE-2021-20271.html
CVE-2021-20271
https://bugzilla.suse.com/1183545
SUSE Bug 1183545

Описание

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.

Затронутые продукты

Container bci/bci-init:15.3:rpm-ndb-4.14.3-37.2

Container bci/bci-minimal:15.3:rpm-ndb-4.14.3-37.2

Container bci/dotnet-aspnet:3.1:rpm-ndb-4.14.3-37.2

Container bci/dotnet-aspnet:5.0:rpm-ndb-4.14.3-37.2

Ссылки

https://www.suse.com/security/cve/CVE-2021-3421.html
CVE-2021-3421
https://bugzilla.suse.com/1183543
SUSE Bug 1183543