MGASA-2021-0167

Source
https://advisories.mageia.org/MGASA-2021-0167.html
Import Source
https://advisories.mageia.org/MGASA-2021-0167.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2021-0167
Published
2021-04-02T10:16:21Z
Modified
2021-04-02T09:21:41Z
Summary
Updated rpm packages fix security vulnerabilities
Details

This update from 4.16.1.2 to 4.16.1.3 fixes several bugs in the RPM package manager, including several security issues:

* Fix arbitrary data copied from signature header past signature checking (CVE-2021-3421)
* Fix signature check bypass with corrupted package (CVE-2021-20271)
* Fix missing bounds checks in headerImport() and headerCheck() (CVE-2021-20266)
* Fix missing sanity checks on header entry count and region data overlap
* Fix access past end of header if the last entry is string type
* Fix unsafe headerCopyLoad() still used in codebase


Affected packages

Mageia:8 / rpm

Package

Name
rpm
Purl
pkg:rpm/mageia/rpm?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.16.1.3-1.mga8

Ecosystem specific

{
    "section": "core"
}