Download
| Alert*
oval:org.secpod.oval:def:506227
The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fix: * rpm: Signature checks bypass via corrupted rpm package For more details about the security issue, including the impac ... oval:org.secpod.oval:def:1601459 A flaw was found in RPM"s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this ... oval:org.secpod.oval:def:119675 The RPM Package Manager is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package like its version, a descriptio ... oval:org.secpod.oval:def:89047072 This update for rpm fixes the following issues: - Changed default package verification level to "none" to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb"s glue code - Added support for enforcing signature policy and payload verification ... oval:org.secpod.oval:def:4500042 The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer t ... oval:org.secpod.oval:def:90244 The host is missing a patch containing a security fixes, which affects the following package(s): rpm.rte oval:org.secpod.oval:def:89049507 This update for rpm fixes the following issues: Security issues fixed: - CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements - PGP hardening changes - Fixed potential access of freed mem in ndb"s glue code Maintaince issues fixed: - Fixed zstd detection - Added ndb ... oval:org.secpod.oval:def:89047865 This update for rpm fixes the following issues: - Fixed PGP parsing bugs . - Fixed various format handling bugs . - CVE-2021-3421: Fixed vulnerability where unsigned headers could be injected into the rpm database . - CVE-2021-20271: Fixed vulnerability where a corrupted rpm could corrupt the rpm da ... oval:org.secpod.oval:def:1700679 A flaw was found in RPM"s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this ... |