(RHSA-2021:2574) Moderate: rpm security update

2021-06-2913:43:23

access.redhat.com

rpm package manager

signature checks bypass

security update

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.2%

JSON

The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Security Fix(es):

rpm: Signature checks bypass via corrupted rpm package (CVE-2021-20271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8ppc64lerpm-plugin-systemd-inhibit< 4.14.3-14.el8_4rpm-plugin-systemd-inhibit-4.14.3-14.el8_4.ppc64le.rpm
RedHat8x86_64rpm-libs-debuginfo< 4.14.3-14.el8_4rpm-libs-debuginfo-4.14.3-14.el8_4.x86_64.rpm
RedHat8aarch64rpm-debuginfo< 4.14.3-14.el8_4rpm-debuginfo-4.14.3-14.el8_4.aarch64.rpm
RedHat8ppc64lepython3-rpm-debuginfo< 4.14.3-14.el8_4python3-rpm-debuginfo-4.14.3-14.el8_4.ppc64le.rpm
RedHat8ppc64lerpm-build-debuginfo< 4.14.3-14.el8_4rpm-build-debuginfo-4.14.3-14.el8_4.ppc64le.rpm
RedHat8s390xrpm-libs< 4.14.3-14.el8_4rpm-libs-4.14.3-14.el8_4.s390x.rpm
RedHat8s390xrpm-devel< 4.14.3-14.el8_4rpm-devel-4.14.3-14.el8_4.s390x.rpm
RedHat8ppc64lerpm< 4.14.3-14.el8_4rpm-4.14.3-14.el8_4.ppc64le.rpm
RedHat8x86_64rpm-build-libs-debuginfo< 4.14.3-14.el8_4rpm-build-libs-debuginfo-4.14.3-14.el8_4.x86_64.rpm
RedHat8s390xrpm-libs-debuginfo< 4.14.3-14.el8_4rpm-libs-debuginfo-4.14.3-14.el8_4.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	ppc64le	rpm-plugin-systemd-inhibit	< 4.14.3-14.el8_4	rpm-plugin-systemd-inhibit-4.14.3-14.el8_4.ppc64le.rpm
RedHat	8	x86_64	rpm-libs-debuginfo	< 4.14.3-14.el8_4	rpm-libs-debuginfo-4.14.3-14.el8_4.x86_64.rpm
RedHat	8	aarch64	rpm-debuginfo	< 4.14.3-14.el8_4	rpm-debuginfo-4.14.3-14.el8_4.aarch64.rpm
RedHat	8	ppc64le	python3-rpm-debuginfo	< 4.14.3-14.el8_4	python3-rpm-debuginfo-4.14.3-14.el8_4.ppc64le.rpm
RedHat	8	ppc64le	rpm-build-debuginfo	< 4.14.3-14.el8_4	rpm-build-debuginfo-4.14.3-14.el8_4.ppc64le.rpm
RedHat	8	s390x	rpm-libs	< 4.14.3-14.el8_4	rpm-libs-4.14.3-14.el8_4.s390x.rpm
RedHat	8	s390x	rpm-devel	< 4.14.3-14.el8_4	rpm-devel-4.14.3-14.el8_4.s390x.rpm
RedHat	8	ppc64le	rpm	< 4.14.3-14.el8_4	rpm-4.14.3-14.el8_4.ppc64le.rpm
RedHat	8	x86_64	rpm-build-libs-debuginfo	< 4.14.3-14.el8_4	rpm-build-libs-debuginfo-4.14.3-14.el8_4.x86_64.rpm
RedHat	8	s390x	rpm-libs-debuginfo	< 4.14.3-14.el8_4	rpm-libs-debuginfo-4.14.3-14.el8_4.s390x.rpm