19 matches found

RedhatCVE
added 2026/05/28 5:59 a.m. · 7 views

CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

CVSS 7 · AI score 6 · EPSS 0.00023
Exploits 0 · References 3
Fedora
added 2026/03/13 1:00 a.m. · 3 views

[SECURITY] Fedora 42 Update: dnf5-5.2.18.0-2.fc42

DNF5 is a command-line package manager that automates the process of installing, upgrading, configuring, and removing computer programs in a consistent manner. It supports RPM packages, modulemd modules, and comps groups & environments...

AI score 5.8
Exploits 0
RedHat Linux
added 2026/03/11 4:54 a.m. · 3 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.16 bug fix and security update

Red Hat OpenShift Container Platform release 4.20.16 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...

CVSS 10 · AI score 7 · EPSS 0.00167
Exploits 3 · References 8
Positive Technologies
added 2026/01/01 12:00 a.m. · 3 views

PT-2026-22490

Name of the Vulnerable Software and Affected Versions: rust-rpm-sequoia (affected versions not specified). Description: A flaw exists in rust-rpm-sequoia that allows an attacker to cause an application-level denial of service. This occurs when a specially crafted Red Hat Package Manager (RPM) file is...

CVSS 5.5 · AI score 5.8 · EPSS 0.00007
Exploits 0 · References 10
Microsoft CVE
added 2025/05/27 7:00 a.m. · 3 views

Rpm-ostree: world-readable /etc/shadow file

...

CVSS 6.2 · AI score 6.3 · EPSS 0.00025
Exploits 0
RedHat Linux
added 2024/01/30 1:30 p.m. · 1 view

rpm: races with chown/chmod/capabilities calls during installation

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system...

CVSS 6.7 · AI score 7.1 · EPSS 0.00149
Exploits 1 · References 5
Gentoo Linux
added 2022/10/31 12:00 a.m. · 43 views

RPM: Multiple Vulnerabilities

Background: The Red Hat Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description: Multiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers...

CVSS 6.7 · AI score 2.5 · EPSS 0.00202
Exploits 3
OSV
added 2022/08/25 8:15 p.m. · 2 views

AZL-10723 CVE-2021-35938 affecting package rpm for versions less than 4.18.0-1

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system...

CVSS 6.7 · AI score 6.7 · EPSS 0.00149
Exploits 1 · References 1
RedHat Linux
added 2021/06/29 4:45 p.m. · 2 views

rpm: Signature checks bypass via corrupted rpm package

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...

CVSS 7 · AI score 7.4 · EPSS 0.00228
Exploits 0 · References 4
Microsoft CVE
added 2021/06/04 7:00 a.m. · 4 views

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.

...

CVSS 5.5 · AI score 7 · EPSS 0.00177
Exploits 0
CNNVD
added 2021/03/12 12:00 a.m. · 3 views

Red Hat Package Manager Data Forgery Problem Vulnerability

Red Hat Package Manager is a packaging and installation tool for Internet downloadable packages from Red Hat. It is included in some Linux distributions. It generates files with the .RPM extension. Similar to Dpkg. Red Hat Package Manager suffers from a Data Forgery Problem vulnerability that...

CVSS 7 · AI score 7.2 · EPSS 0.00228
Exploits 0 · References 65
Gentoo Linux
added 2018/11/28 12:00 a.m. · 94 views

RPM: Multiple vulnerabilities

Background: The Red Hat Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description: Multiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers...

CVSS 10 · AI score 8.4 · EPSS 0.1118
Exploits 0
OSV
added 2018/06/20 1:29 p.m. · 2 views

CVE-2018-1132

A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to...

CVSS 9.8 · AI score 5.7 · EPSS 0.01894
Exploits 4 · References 4
CNVD
added 2017/11/27 12:00 a.m. · 3 views

Red Hat RPM Elevation of Privilege Vulnerability

Red Hat RPM (RPM Package Manager) is a command-line driven package manager from Red Hat, Inc. that is used to install, uninstall, verify, query, and upgrade computer packages. A security vulnerability exists in Red Hat RPM versions prior to 4.13.0.2, which stems from a predictable temporary filenam...

CVSS 7.8 · AI score 7.1 · EPSS 0.00054
Exploits 0 · References 1
OSV
added 2014/12/16 12:00 a.m. · 0 views

UBUNTU-CVE-2014-8118

Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow...

CVSS 10 · AI score 8 · EPSS 0.1118
Exploits 0 · References 4
RedHat Linux
added 2014/08/05 3:34 a.m. · 1 view

yum: yum-cron installs unsigned packages

It was discovered that yum-updatesd did not properly perform RPM package signature checks. When yum-updatesd was configured to automatically install updates, a remote attacker could use this flaw to install a malicious update on the target system using an unsigned RPM or an RPM signed with an...

CVSS 5 · AI score 5.9 · EPSS 0.00587
Exploits 0 · References 4
OSV
added 2013/01/18 11:48 a.m. · 1 view

DEBIAN-CVE-2012-6088

The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package...

CVSS 4.3 · AI score 7.1 · EPSS 0.00528
Exploits 0 · References 1
Tenable Nessus
added 2004/07/06 12:00 a.m. · 40 views

RHEL 2.1 : rxvt (RHSA-2003:055)

Updated rxvt packages are available which fix a number of vulnerabilities in the handling of escape sequences. Updated 12 March 2003: Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS. Rxvt is a color VT102 terminal emulator for the X Window System. A number of issues...

CVSS 7.5 · AI score 5.5 · EPSS 0.01085
Exploits 0 · References 7
Positive Technologies
added 1970/01/01 12:00 a.m. · 2 views

PT-2011-5224 · Popt +3

Name of the Vulnerable Software and Affected Versions: RPM versions 4.4.x through 4.9.x; rpm package (affected versions not specified); rpm-devel (affected versions not specified); rpm-devel-32bit (affected versions not specified); rpm-devel-64bit (affected versions not specified); rpm-32bit (affected versions...

CVSS 10 · AI score 7.8 · EPSS 0.1118
Exploits 4 · References 69