ALSA-2024:0463

Source
https://errata.almalinux.org/9/ALSA-2024-0463.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:0463.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2024:0463
Related
Published
2024-01-25T00:00:00Z
Modified
2024-01-25T21:52:51Z
Summary
Moderate: rpm security update
Details

The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Security Fix(es):

  • rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)
  • rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)
  • rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:9 / python3-rpm

Package

Name
python3-rpm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm

Package

Name
rpm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm-apidocs

Package

Name
rpm-apidocs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm-build

Package

Name
rpm-build

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm-build-libs

Package

Name
rpm-build-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm-cron

Package

Name
rpm-cron

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm-devel

Package

Name
rpm-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm-libs

Package

Name
rpm-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm-plugin-audit

Package

Name
rpm-plugin-audit

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm-plugin-fapolicyd

Package

Name
rpm-plugin-fapolicyd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm-plugin-ima

Package

Name
rpm-plugin-ima

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm-plugin-selinux

Package

Name
rpm-plugin-selinux

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm-plugin-syslog

Package

Name
rpm-plugin-syslog

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm-plugin-systemd-inhibit

Package

Name
rpm-plugin-systemd-inhibit

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm-sign

Package

Name
rpm-sign

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3

AlmaLinux:9 / rpm-sign-libs

Package

Name
rpm-sign-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.1.3-27.el9_3