Lucene search

Rockylinux Product ErrataRLSA-2024:0647

HistoryFeb 12, 2024 - 8:17 p.m.

rpm security update

2024-02-1220:17:16

Rockylinux Product Errata

errata.rockylinux.org

rpm

security update

rocky linux 8

toctou

race vulnerabilities

cve-2021-35937

cve-2021-35938

cve-2021-35939

cvss score

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:M/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

35.7%

JSON

An update is available for rpm.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Security Fix(es):

rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)
rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)
rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
rocky8aarch64python3-rpm< 4.14.3-28.el8_9python3-rpm-0:4.14.3-28.el8_9.aarch64.rpm
rocky8aarch64python3-rpm-debuginfo< 4.14.3-28.el8_9python3-rpm-debuginfo-0:4.14.3-28.el8_9.aarch64.rpm
rocky8aarch64rpm< 4.14.3-28.el8_9rpm-0:4.14.3-28.el8_9.aarch64.rpm
rocky8noarchrpm-apidocs< 4.14.3-28.el8_9rpm-apidocs-0:4.14.3-28.el8_9.noarch.rpm
rocky8aarch64rpm-build< 4.14.3-28.el8_9rpm-build-0:4.14.3-28.el8_9.aarch64.rpm
rocky8aarch64rpm-build-debuginfo< 4.14.3-28.el8_9rpm-build-debuginfo-0:4.14.3-28.el8_9.aarch64.rpm
rocky8aarch64rpm-build-libs< 4.14.3-28.el8_9rpm-build-libs-0:4.14.3-28.el8_9.aarch64.rpm
rocky8aarch64rpm-build-libs-debuginfo< 4.14.3-28.el8_9rpm-build-libs-debuginfo-0:4.14.3-28.el8_9.aarch64.rpm
rocky8noarchrpm-cron< 4.14.3-28.el8_9rpm-cron-0:4.14.3-28.el8_9.noarch.rpm
rocky8aarch64rpm-debuginfo< 4.14.3-28.el8_9rpm-debuginfo-0:4.14.3-28.el8_9.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
rocky	8	aarch64	python3-rpm	< 4.14.3-28.el8_9	python3-rpm-0:4.14.3-28.el8_9.aarch64.rpm
rocky	8	aarch64	python3-rpm-debuginfo	< 4.14.3-28.el8_9	python3-rpm-debuginfo-0:4.14.3-28.el8_9.aarch64.rpm
rocky	8	aarch64	rpm	< 4.14.3-28.el8_9	rpm-0:4.14.3-28.el8_9.aarch64.rpm
rocky	8	noarch	rpm-apidocs	< 4.14.3-28.el8_9	rpm-apidocs-0:4.14.3-28.el8_9.noarch.rpm
rocky	8	aarch64	rpm-build	< 4.14.3-28.el8_9	rpm-build-0:4.14.3-28.el8_9.aarch64.rpm
rocky	8	aarch64	rpm-build-debuginfo	< 4.14.3-28.el8_9	rpm-build-debuginfo-0:4.14.3-28.el8_9.aarch64.rpm
rocky	8	aarch64	rpm-build-libs	< 4.14.3-28.el8_9	rpm-build-libs-0:4.14.3-28.el8_9.aarch64.rpm
rocky	8	aarch64	rpm-build-libs-debuginfo	< 4.14.3-28.el8_9	rpm-build-libs-debuginfo-0:4.14.3-28.el8_9.aarch64.rpm
rocky	8	noarch	rpm-cron	< 4.14.3-28.el8_9	rpm-cron-0:4.14.3-28.el8_9.noarch.rpm
rocky	8	aarch64	rpm-debuginfo	< 4.14.3-28.el8_9	rpm-debuginfo-0:4.14.3-28.el8_9.aarch64.rpm