OracleLinuxELSA-2024-0463rpm security update
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:M/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
35.7%
[4.16.1.3-27]
- TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)
- races with chown/chmod/capabilities calls during installation (CVE-2021-35938)
- checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 9 | src | rpm | < 4.16.1.3-27.el9_3 | rpm-4.16.1.3-27.el9_3.src.rpm |
| oracle linux | 9 | src | rpm | < 4.16.1.3-27.el9_3 | rpm-4.16.1.3-27.el9_3.src.rpm |
| oracle linux | 9 | aarch64 | python3-rpm | < 4.16.1.3-27.el9_3 | python3-rpm-4.16.1.3-27.el9_3.aarch64.rpm |
| oracle linux | 9 | aarch64 | rpm | < 4.16.1.3-27.el9_3 | rpm-4.16.1.3-27.el9_3.aarch64.rpm |
| oracle linux | 9 | noarch | rpm-apidocs | < 4.16.1.3-27.el9_3 | rpm-apidocs-4.16.1.3-27.el9_3.noarch.rpm |
| oracle linux | 9 | aarch64 | rpm-build | < 4.16.1.3-27.el9_3 | rpm-build-4.16.1.3-27.el9_3.aarch64.rpm |
| oracle linux | 9 | aarch64 | rpm-build-libs | < 4.16.1.3-27.el9_3 | rpm-build-libs-4.16.1.3-27.el9_3.aarch64.rpm |
| oracle linux | 9 | noarch | rpm-cron | < 4.16.1.3-27.el9_3 | rpm-cron-4.16.1.3-27.el9_3.noarch.rpm |
| oracle linux | 9 | aarch64 | rpm-devel | < 4.16.1.3-27.el9_3 | rpm-devel-4.16.1.3-27.el9_3.aarch64.rpm |
| oracle linux | 9 | aarch64 | rpm-libs | < 4.16.1.3-27.el9_3 | rpm-libs-4.16.1.3-27.el9_3.aarch64.rpm |
Related
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:M/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
35.7%