Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2021:1366-1

Опубликовано: 18 окт. 2021
Источник: suse-cvrf

Описание

Security update for rpm

This update for rpm fixes the following issues:

Security issues fixed:

  • CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632)
  • PGP hardening changes (bsc#1185299)
  • Fixed potential access of freed mem in ndb's glue code (bsc#1179416)

Maintaince issues fixed:

  • Fixed zstd detection (bsc#1187670)
  • Added ndb rofs support (bsc#1188548)
  • Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Список пакетов

openSUSE Leap 15.2
python2-rpm-4.14.1-lp152.18.3.1
python3-rpm-4.14.1-lp152.18.3.1
rpm-4.14.1-lp152.18.3.1
rpm-32bit-4.14.1-lp152.18.3.1
rpm-build-4.14.1-lp152.18.3.1
rpm-devel-4.14.1-lp152.18.3.1

Ссылки

Описание

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

Затронутые продукты
openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1
openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1
openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1
openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1
Ссылки

Описание

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Затронутые продукты
openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1
openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1
openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1
openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1
Ссылки

Описание

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.

Затронутые продукты
openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1
openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1
openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1
openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1
Ссылки