Lucene search

K
rockyRockylinux Product ErrataRLSA-2022:0368
HistoryFeb 01, 2022 - 8:13 p.m.

rpm security update

2022-02-0120:13:05
Rockylinux Product Errata
errata.rockylinux.org
21
rpm
security update
rocky linux 8
common vulnerability scoring system (cvss)
cve-2021-3521
package management system

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

30.7%

An update is available for rpm.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Security Fix(es):

  • rpm: RPM does not require subkeys to have a valid binding signature (CVE-2021-3521)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

30.7%