Lucene search

RedHatRHSA-2024:0582

HistoryJan 30, 2024 - 12:53 p.m.

(RHSA-2024:0582) Moderate: rpm security update

2024-01-3012:53:23

access.redhat.com

rpm package manager

package management system

security fix

toctou race

chown/chmod/capabilities calls

unsafe symlinks

cve-2021-35937

cve-2021-35938

cve-2021-35939

references

cvss score

acknowledgments

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:M/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

35.7%

JSON

The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Security Fix(es):

rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)
rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)
rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8ppc64lerpm-build< 4.14.3-28.el8_8rpm-build-4.14.3-28.el8_8.ppc64le.rpm
RedHat8aarch64rpm-devel-debuginfo< 4.14.3-28.el8_8rpm-devel-debuginfo-4.14.3-28.el8_8.aarch64.rpm
RedHat8noarchrpm-apidocs< 4.14.3-28.el8_8rpm-apidocs-4.14.3-28.el8_8.noarch.rpm
RedHat8s390xrpm-build-debuginfo< 4.14.3-28.el8_8rpm-build-debuginfo-4.14.3-28.el8_8.s390x.rpm
RedHat8s390xrpm-sign< 4.14.3-28.el8_8rpm-sign-4.14.3-28.el8_8.s390x.rpm
RedHat8ppc64lerpm-devel-debuginfo< 4.14.3-28.el8_8rpm-devel-debuginfo-4.14.3-28.el8_8.ppc64le.rpm
RedHat8x86_64rpm-plugin-selinux-debuginfo< 4.14.3-28.el8_8rpm-plugin-selinux-debuginfo-4.14.3-28.el8_8.x86_64.rpm
RedHat8ppc64lerpm-plugin-fapolicyd< 4.14.3-28.el8_8rpm-plugin-fapolicyd-4.14.3-28.el8_8.ppc64le.rpm
RedHat8aarch64rpm-plugin-systemd-inhibit-debuginfo< 4.14.3-28.el8_8rpm-plugin-systemd-inhibit-debuginfo-4.14.3-28.el8_8.aarch64.rpm
RedHat8s390xrpm-plugin-fapolicyd< 4.14.3-28.el8_8rpm-plugin-fapolicyd-4.14.3-28.el8_8.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	ppc64le	rpm-build	< 4.14.3-28.el8_8	rpm-build-4.14.3-28.el8_8.ppc64le.rpm
RedHat	8	aarch64	rpm-devel-debuginfo	< 4.14.3-28.el8_8	rpm-devel-debuginfo-4.14.3-28.el8_8.aarch64.rpm
RedHat	8	noarch	rpm-apidocs	< 4.14.3-28.el8_8	rpm-apidocs-4.14.3-28.el8_8.noarch.rpm
RedHat	8	s390x	rpm-build-debuginfo	< 4.14.3-28.el8_8	rpm-build-debuginfo-4.14.3-28.el8_8.s390x.rpm
RedHat	8	s390x	rpm-sign	< 4.14.3-28.el8_8	rpm-sign-4.14.3-28.el8_8.s390x.rpm
RedHat	8	ppc64le	rpm-devel-debuginfo	< 4.14.3-28.el8_8	rpm-devel-debuginfo-4.14.3-28.el8_8.ppc64le.rpm
RedHat	8	x86_64	rpm-plugin-selinux-debuginfo	< 4.14.3-28.el8_8	rpm-plugin-selinux-debuginfo-4.14.3-28.el8_8.x86_64.rpm
RedHat	8	ppc64le	rpm-plugin-fapolicyd	< 4.14.3-28.el8_8	rpm-plugin-fapolicyd-4.14.3-28.el8_8.ppc64le.rpm
RedHat	8	aarch64	rpm-plugin-systemd-inhibit-debuginfo	< 4.14.3-28.el8_8	rpm-plugin-systemd-inhibit-debuginfo-4.14.3-28.el8_8.aarch64.rpm
RedHat	8	s390x	rpm-plugin-fapolicyd	< 4.14.3-28.el8_8	rpm-plugin-fapolicyd-4.14.3-28.el8_8.s390x.rpm