AlmaLinuxALSA-2024:0463Moderate: rpm security update
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
36.7%
The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.
Security Fix(es):
- rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)
- rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)
- rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | i686 | rpm-devel | < 4.16.1.3-27.el9_3 | rpm-devel-4.16.1.3-27.el9_3.i686.rpm |
| almalinux | 9 | noarch | rpm-apidocs | < 4.16.1.3-27.el9_3 | rpm-apidocs-4.16.1.3-27.el9_3.noarch.rpm |
| almalinux | 9 | noarch | rpm-cron | < 4.16.1.3-27.el9_3 | rpm-cron-4.16.1.3-27.el9_3.noarch.rpm |
| almalinux | 9 | aarch64 | rpm-devel | < 4.16.1.3-27.el9_3 | rpm-devel-4.16.1.3-27.el9_3.aarch64.rpm |
| almalinux | 9 | aarch64 | rpm-plugin-syslog | < 4.16.1.3-27.el9_3 | rpm-plugin-syslog-4.16.1.3-27.el9_3.aarch64.rpm |
| almalinux | 9 | aarch64 | rpm-build | < 4.16.1.3-27.el9_3 | rpm-build-4.16.1.3-27.el9_3.aarch64.rpm |
| almalinux | 9 | aarch64 | rpm-plugin-fapolicyd | < 4.16.1.3-27.el9_3 | rpm-plugin-fapolicyd-4.16.1.3-27.el9_3.aarch64.rpm |
| almalinux | 9 | aarch64 | rpm-plugin-systemd-inhibit | < 4.16.1.3-27.el9_3 | rpm-plugin-systemd-inhibit-4.16.1.3-27.el9_3.aarch64.rpm |
| almalinux | 9 | aarch64 | rpm-plugin-ima | < 4.16.1.3-27.el9_3 | rpm-plugin-ima-4.16.1.3-27.el9_3.aarch64.rpm |
| almalinux | 9 | x86_64 | rpm-build | < 4.16.1.3-27.el9_3 | rpm-build-4.16.1.3-27.el9_3.x86_64.rpm |
References
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
36.7%