Lucene search

K
centosCentOS ProjectCESA-2021:4785
HistoryDec 01, 2021 - 7:22 p.m.

rpm security update

2021-12-0119:22:41
CentOS Project
lists.centos.org
143
rpm
centos
signature checks
security update

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.2%

CentOS Errata and Security Advisory CESA-2021:4785

The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Security Fix(es):

  • rpm: Signature checks bypass via corrupted rpm package (CVE-2021-20271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2021-December/086206.html

Affected packages:
rpm
rpm-apidocs
rpm-build
rpm-build-libs
rpm-cron
rpm-devel
rpm-libs
rpm-plugin-systemd-inhibit
rpm-python
rpm-sign

Upstream details at:
https://access.redhat.com/errata/RHSA-2021:4785

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.2%