
4 matches found

RedHat Linux
added 2021/11/23 12:53 p.m. | 4 views

rpm: Signature checks bypass via corrupted rpm package

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...

CVSS 7 | AI score 7.4 | EPSS 0.00827
Exploits 0 | References 4
RedHat Linux
added 2021/07/20 10:25 p.m. | 1 views

rpm: Signature checks bypass via corrupted rpm package

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...

CVSS 7 | AI score 7.4 | EPSS 0.00827
Exploits 0 | References 4
OSV
added 2021/04/02 10:16 a.m. | 9 views

MGASA-2021-0167 Updated rpm packages fix security vulnerabilities

This update from 4.16.1.2 to 4.16.1.3 fixes several bugs in the RPM package manager, including several security issues: Fix arbitrary data copied from signature header past signature checking (CVE-2021-3421); Fix signature check bypass with corrupted package (CVE-2021-20271); Fix missing bounds check...

CVSS 7 | AI score 6.4 | EPSS 0.01706
Exploits 0 | References 3
OSV
added 2018/08/31 3:29 p.m. | 2 views

DEBIAN-CVE-2018-7685

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download...

CVSS 7.8 | AI score 6.8 | EPSS 0.00286
Exploits 0 | References 1