Bugzilla – Bug 1183545
VUL-0: CVE-2021-20271: rpm: Signature checks bypass via corrupted rpm package
Last modified: 2022-11-10 17:21:54 UTC

rh#1934125

A flaw was found in rpm. Given an RPM package signed by a trusted key, it is possible to modify it such that it still passes signature checks, but installing it corrupts the rpmdb.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1934125
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20271
https://access.redhat.com/security/cve/CVE-2021-20271

SUSE-SU-2021:2682-1: An update that solves three vulnerabilities, contains two features and has one errata is now available.
Category: security (important)
Bug References: 1179416,1181805,1183543,1183545
CVE References: CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
JIRA References: ECO-3622,SLE-17817
Sources used:
  SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (src): rpm-4.14.3-37.2
  SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (src): rpm-4.14.3-37.2
  SUSE Linux Enterprise Module for Python2 15-SP3 (src): python-rpm-4.14.3-37.2
  SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src): rpm-ndb-4.14.3-37.2
  SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): rpm-4.14.3-37.2
  SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): python-rpm-4.14.3-37.2, rpm-4.14.3-37.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2021:2682-1: An update that solves three vulnerabilities, contains two features and has one errata is now available.
Category: security (important)
Bug References: 1179416,1181805,1183543,1183545
CVE References: CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
JIRA References: ECO-3622,SLE-17817
Sources used:
  openSUSE Leap 15.3 (src): python-rpm-4.14.3-37.2, rpm-4.14.3-37.2, rpm-ndb-4.14.3-37.2

SUSE-SU-2021:3444-1: An update that solves three vulnerabilities and has 5 fixes is now available.
Category: security (important)
Bug References: 1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548
CVE References: CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
JIRA References:
Sources used:
  SUSE MicroOS 5.0 (src): python-rpm-4.14.1-22.4.1, rpm-4.14.1-22.4.2
  SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (src): rpm-4.14.1-22.4.2
  SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (src): rpm-4.14.1-22.4.2
  SUSE Linux Enterprise Module for Python2 15-SP2 (src): python-rpm-4.14.1-22.4.1
  SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src): rpm-ndb-4.14.1-22.4.2
  SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): rpm-4.14.1-22.4.2
  SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): python-rpm-4.14.1-22.4.1, rpm-4.14.1-22.4.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2021:1366-1: An update that solves three vulnerabilities and has 5 fixes is now available.
Category: security (important)
Bug References: 1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548
CVE References: CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
JIRA References:
Sources used:
  openSUSE Leap 15.2 (src): python-rpm-4.14.1-lp152.18.3.1, rpm-4.14.1-lp152.18.3.1

SUSE-SU-2022:3939-1: An update that solves three vulnerabilities and has three fixes is now available.
Category: security (moderate)
Bug References: 1183543,1183545,1183632,1183659,1185299,996280
CVE References: CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
JIRA References:
Sources used:
  SUSE Linux Enterprise Software Development Kit 12-SP5 (src): rpm-4.11.2-16.26.1
  SUSE Linux Enterprise Server 12-SP5 (src): python3-rpm-4.11.2-16.26.1, rpm-4.11.2-16.26.1, rpm-python-4.11.2-16.26.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.