Bug 1183545 (CVE-2021-20271)

Summary: VUL-0: CVE-2021-20271: rpm: Signature checks bypass via corrupted rpm package
Product: [Novell Products] SUSE Security Incidents Reporter: Robert Frohl <rfrohl>
Component: IncidentsAssignee: Michael Schröder <mls>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P3 - Medium CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/279680/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-20271:3.3:(AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Robert Frohl 2021-03-15 15:31:49 UTC 
rh#1934125

A flaw was found in rpm. Given an RPM package signed by a trusted key, it is possible to modify it such that it still passes signature checks, but installing it corrupts the rpmdb.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1934125
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20271
https://access.redhat.com/security/cve/CVE-2021-20271
Comment 2 Swamp Workflow Management 2021-08-12 22:17:43 UTC 
SUSE-SU-2021:2682-1: An update that solves three vulnerabilities, contains two features and has one errata is now available.

Category: security (important)
Bug References: 1179416,1181805,1183543,1183545
CVE References: CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
JIRA References: ECO-3622,SLE-17817
Sources used:
SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (src):    rpm-4.14.3-37.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (src):    rpm-4.14.3-37.2
SUSE Linux Enterprise Module for Python2 15-SP3 (src):    python-rpm-4.14.3-37.2
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    rpm-ndb-4.14.3-37.2
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    rpm-4.14.3-37.2
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    python-rpm-4.14.3-37.2, rpm-4.14.3-37.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 3 Swamp Workflow Management 2021-08-17 10:26:36 UTC 
openSUSE-SU-2021:2682-1: An update that solves three vulnerabilities, contains two features and has one errata is now available.

Category: security (important)
Bug References: 1179416,1181805,1183543,1183545
CVE References: CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
JIRA References: ECO-3622,SLE-17817
Sources used:
openSUSE Leap 15.3 (src):    python-rpm-4.14.3-37.2, rpm-4.14.3-37.2, rpm-ndb-4.14.3-37.2
Comment 5 Swamp Workflow Management 2021-10-15 10:39:54 UTC 
SUSE-SU-2021:3444-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548
CVE References: CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    python-rpm-4.14.1-22.4.1, rpm-4.14.1-22.4.2
SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (src):    rpm-4.14.1-22.4.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (src):    rpm-4.14.1-22.4.2
SUSE Linux Enterprise Module for Python2 15-SP2 (src):    python-rpm-4.14.1-22.4.1
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    rpm-ndb-4.14.1-22.4.2
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    rpm-4.14.1-22.4.2
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    python-rpm-4.14.1-22.4.1, rpm-4.14.1-22.4.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2021-10-18 16:16:59 UTC 
openSUSE-SU-2021:1366-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548
CVE References: CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    python-rpm-4.14.1-lp152.18.3.1, rpm-4.14.1-lp152.18.3.1
Comment 10 Swamp Workflow Management 2022-11-10 17:21:54 UTC 
SUSE-SU-2022:3939-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1183543,1183545,1183632,1183659,1185299,996280
CVE References: CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    rpm-4.11.2-16.26.1
SUSE Linux Enterprise Server 12-SP5 (src):    python3-rpm-4.11.2-16.26.1, rpm-4.11.2-16.26.1, rpm-python-4.11.2-16.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.