CLSA-2022-1671123868

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2022-1671123868
Upstream
Published
2022-12-15T17:04:28Z
Modified
2026-06-01T00:33:20.309121089Z
Summary
rpm: Fix of 2 CVEs
Details
  • CVE-2021-35939: validate intermediate symlinks during installation
  • CVE-2021-35938: set file metadata via fd-based ops for everything but symlinks
  • Fix file descriptor leak recently introduced in rpmPackageFilesInstall()
References

Affected packages

TuxCare:CentOS:8.4
python3-rpm

Package

Name
python3-rpm
Purl
pkg:rpm/tuxcare/python3-rpm?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"
rpm

Package

Name
rpm
Purl
pkg:rpm/tuxcare/rpm?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"
rpm-apidocs

Package

Name
rpm-apidocs
Purl
pkg:rpm/tuxcare/rpm-apidocs?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"
rpm-build

Package

Name
rpm-build
Purl
pkg:rpm/tuxcare/rpm-build?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"
rpm-build-libs

Package

Name
rpm-build-libs
Purl
pkg:rpm/tuxcare/rpm-build-libs?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"
rpm-cron

Package

Name
rpm-cron
Purl
pkg:rpm/tuxcare/rpm-cron?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"
rpm-devel

Package

Name
rpm-devel
Purl
pkg:rpm/tuxcare/rpm-devel?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"
rpm-libs

Package

Name
rpm-libs
Purl
pkg:rpm/tuxcare/rpm-libs?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"
rpm-plugin-fapolicyd

Package

Name
rpm-plugin-fapolicyd
Purl
pkg:rpm/tuxcare/rpm-plugin-fapolicyd?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"
rpm-plugin-ima

Package

Name
rpm-plugin-ima
Purl
pkg:rpm/tuxcare/rpm-plugin-ima?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"
rpm-plugin-prioreset

Package

Name
rpm-plugin-prioreset
Purl
pkg:rpm/tuxcare/rpm-plugin-prioreset?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"
rpm-plugin-selinux

Package

Name
rpm-plugin-selinux
Purl
pkg:rpm/tuxcare/rpm-plugin-selinux?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"
rpm-plugin-syslog

Package

Name
rpm-plugin-syslog
Purl
pkg:rpm/tuxcare/rpm-plugin-syslog?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"
rpm-plugin-systemd-inhibit

Package

Name
rpm-plugin-systemd-inhibit
Purl
pkg:rpm/tuxcare/rpm-plugin-systemd-inhibit?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"
rpm-sign

Package

Name
rpm-sign
Purl
pkg:rpm/tuxcare/rpm-sign?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.14.3-19.el8.tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1671123868.json"