Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2021:2682-1
HistoryAug 17, 2021 - 12:00 a.m.

Security update for rpm (important)

2021-08-1700:00:00
lists.opensuse.org
61
rpm
security update
vulnerabilities
features
rpm database corruption
data integrity
confidentiality
system availability
package verification
signature policy
payload verification
patch instructions
yast
zypper patch
opensuse leap 15.3

EPSS

0.002

Percentile

61.2%

JSON

An update that solves three vulnerabilities, contains two
features and has one errata is now available.

Description:

This update for rpm fixes the following issues:

  • Changed default package verification level to ‘none’ to be compatible to
    rpm-4.14.1
  • Made illegal obsoletes a warning
  • Fixed a potential access of freed mem in ndb’s glue code (bsc#1179416)
  • Added support for enforcing signature policy and payload verification
    step to transactions (jsc#SLE-17817)
  • Added :humansi and :hmaniec query formatters for human readable output
  • Added query selectors for whatobsoletes and whatconflicts
  • Added support for sorting caret higher than base version
  • rpm does no longer require the signature header to be in a contiguous
    region when signing (bsc#1181805)

Security fixes:

  • CVE-2021-3421: A flaw was found in the RPM package in the read
    functionality. This flaw allows an attacker who can convince a victim to
    install a seemingly verifiable package or compromise an RPM repository,
    to cause RPM database corruption. The highest threat from this
    vulnerability is to data integrity (bsc#1183543)

  • CVE-2021-20271: A flaw was found in RPM’s signature check functionality
    when reading a package file. This flaw allows an attacker who can
    convince a victim to install a seemingly verifiable package, whose
    signature header was modified, to cause RPM database corruption and
    execute code. The highest threat from this vulnerability is to data
    integrity, confidentiality, and system availability (bsc#1183545)

  • CVE-2021-20266: A flaw was found in RPM’s hdrblobInit() in lib/header.c.
    This flaw allows an attacker who can modify the rpmdb to cause an
    out-of-bounds read. The highest threat from this vulnerability is to
    system availability.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2021-2682=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.3aarch64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.3ppc64le< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.3s390x< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.3x86_64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.3x86_64< - openSUSE Leap 15.3 (x86_64):- openSUSE Leap 15.3 (x86_64):.x86_64.rpm

Related

openvas 28
nessus 59
fedora 3
osv 8
ibm 9
suse 2
aix 1
mageia 1
ubuntu 1
gentoo 1
amazon 2
redhat 30
rocky 2
photon 14
cbl_mariner 3
oraclelinux 3
alpinelinux 3
prion 3
ubuntucve 3
almalinux 2
cvelist 3
debiancve 3
nvd 3
redhatcve 3
f5 1
veracode 3
cve 3
centos 1
rosalinux 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:3444-1)
2021-10-18 00:00:00
Ubuntu: Security Advisory (USN-5273-1)
2023-01-27 00:00:00
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2021-1992)
2021-06-29 00:00:00
nessus
nessus
openSUSE 15 Security Update : rpm (openSUSE-SU-2021:1366-1)
2021-10-19 00:00:00
EulerOS 2.0 SP8 : rpm (EulerOS-SA-2021-1992)
2021-06-28 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : RPM Package Manager vulnerabilities (USN-5273-1)
2023-10-16 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: rpm-4.16.1.3-1.fc34
2021-03-30 00:17:25
[SECURITY] Fedora 32 Update: rpm-4.15.1.1-1.fc32.1
2021-04-07 15:26:31
[SECURITY] Fedora 33 Update: rpm-4.16.1.3-1.fc33
2021-03-30 14:31:25
osv
osv
rpm vulnerabilities
2022-07-21 06:56:30
Moderate: rpm security update
2021-06-29 13:43:23
Low: rpm security, bug fix, and enhancement update
2021-11-09 09:32:33
ibm
ibm
Security Bulletin: Due to RPM, AIX is vulnerable to arbitrary code execution (CVE-2021-20271), RPM database corruption (CVE-2021-3421), and denial of service (CVE-2021-20266)
2022-09-23 16:07:09
Security Bulletin: IBM QRadar Network Security is affected by vulnerability in rpm. (CVE-2021-20271)
2022-07-07 10:50:13
Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93
2022-03-14 20:12:12
suse
suse
Security update for rpm (important)
2021-10-18 00:00:00
Security update for libdnf (moderate)
2021-08-13 00:00:00
aix
aix
AIX is vulnerable to arbitrary code execution and RPM database corruption and denial of service due to RPM.
2022-09-23 09:39:22
mageia
mageia
Updated rpm packages fix security vulnerabilities
2021-04-02 13:16:21
ubuntu
ubuntu
RPM Package Manager vulnerabilities
2022-07-21 00:00:00
gentoo
gentoo
RPM: Multiple vulnerabilities
2021-07-20 00:00:00
amazon
amazon
Medium: rpm
2021-07-08 18:38:00
Medium: rpm
2021-07-14 20:43:00
redhat
redhat
(RHSA-2021:2574) Moderate: rpm security update
2021-06-29 13:43:23
(RHSA-2021:2791) Moderate: rpm security update
2021-07-20 13:20:32
(RHSA-2021:4489) Low: rpm security, bug fix, and enhancement update
2021-11-09 09:32:33
rocky
rocky
rpm security update
2021-06-29 13:43:23
rpm security, bug fix, and enhancement update
2021-11-09 09:32:33
photon
photon
Important Photon OS Security Update - PHSA-2021-0338
2021-04-15 00:00:00
Important Photon OS Security Update - PHSA-2021-0052
2021-06-25 00:00:00
Critical Photon OS Security Update - PHSA-2021-0383
2021-04-17 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-20266 affecting package rpm 4.14.2-15
2021-07-08 21:56:34
CVE-2021-20271 affecting package rpm 4.14.2-11
2021-05-06 23:56:44
CVE-2021-3421 affecting package rpm 4.14.2-15
2021-05-06 23:56:44
oraclelinux
oraclelinux
rpm security, bug fix, and enhancement update
2021-11-16 00:00:00
rpm security update
2021-06-30 00:00:00
rpm security update
2021-11-24 00:00:00
alpinelinux
alpinelinux
CVE-2021-20266
2021-04-30 12:15:07
CVE-2021-20271
2021-03-26 17:15:13
CVE-2021-3421
2021-05-19 14:15:07
prion
prion
Out-of-bounds
2021-04-30 12:15:00
Design/Logic Flaw
2021-03-26 17:15:00
Design/Logic Flaw
2021-05-19 14:15:00
ubuntucve
ubuntucve
CVE-2021-20266
2021-04-30 00:00:00
CVE-2021-20271
2021-03-26 00:00:00
CVE-2021-3421
2021-05-19 00:00:00
almalinux
almalinux
Low: rpm security, bug fix, and enhancement update
2021-11-09 09:32:33
Moderate: rpm security update
2021-06-29 13:43:23
cvelist
cvelist
CVE-2021-20266
2021-04-30 11:22:49
CVE-2021-20271
2021-03-26 00:00:00
CVE-2021-3421
2021-05-19 13:40:58
debiancve
debiancve
CVE-2021-20266
2021-04-30 12:15:07
CVE-2021-20271
2021-03-26 17:15:13
CVE-2021-3421
2021-05-19 14:15:07
nvd
nvd
CVE-2021-20266
2021-04-30 12:15:07
CVE-2021-20271
2021-03-26 17:15:13
CVE-2021-3421
2021-05-19 14:15:07
redhatcve
redhatcve
CVE-2021-20271
2021-03-11 23:03:45
CVE-2021-20266
2021-03-11 23:03:37
CVE-2021-3421
2021-03-11 23:03:50
f5
f5
K10396196 : Linux RPM vulnerability CVE-2021-20271
2022-01-05 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-04-29 12:08:33
Arbitrary Code Execution
2021-03-23 17:19:29
Injection Vulnerability
2021-03-23 16:20:57
cve
cve
CVE-2021-20266
2021-04-30 12:15:07
CVE-2021-20271
2021-03-26 17:15:13
CVE-2021-3421
2021-05-19 14:15:07
centos
centos
rpm security update
2021-12-01 19:22:41
rosalinux
rosalinux
Advisory ROSA-SA-2021-1963
2021-07-02 18:04:36

EPSS

0.002

Percentile

61.2%

JSON
Related for OPENSUSE-SU-2021:2682-1
openvas28nessus59fedora3osv8ibm9suse2aix1mageia1ubuntu1gentoo1amazon2redhat30rocky2photon14cbl_mariner3oraclelinux3alpinelinux3prion3ubuntucve3almalinux2cvelist3debiancve3nvd3redhatcve3f51veracode3cve3centos1rosalinux1