37 matches found
CLSA-2026-1777539405 rpm: Fix of CVE-2021-3521
CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...
MiracleLinux 8 : rpm-4.14.3-19.el8.2 (AXSA:2022-3034:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3034:02 advisory. rpm: RPM does not require subkeys to have a valid binding signature CVE-2021-3521 Tenable has extracted the preceding description block directly from the...
TencentOS Server 3: rpm (TSSA-2022:0007)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0007 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2021-3521
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding...
openSUSE Security Advisory (SUSE-SU-2024:1557-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15: python3-rpm / python311-rpm / rpm / rpm-32bit / rpm-build / etc (SUSE-SU-2024:1557-2)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1557-2 advisory. Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: ...
SUSE-SU-2024:1557-2 Security update for rpm
This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: - accept more signature subpackets marked as critical bsc1218686 - backport limit support for the autopatch macro bsc1189495...
openSUSE Security Advisory (SUSE-SU-2024:1557-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15: python3-rpm / python311-rpm / rpm / rpm-32bit / rpm-build / etc (SUSE-SU-2024:1557-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1557-1 advisory. Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: ...
SUSE: Security Advisory (SUSE-SU-2024:1557-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:1557-3 Security update for rpm
This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: - accept more signature subpackets marked as critical bsc1218686 - backport limit support for the autopatch macro bsc1189495...
Rocky Linux 8 : rpm (RLSA-2022:0368)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0368 advisory. - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding...
BELL-CVE-2021-3521 CVE-2021-3521 does not affect BellSoft software
Bulletin has no description...
EulerOS Virtualization 3.0.6.0 : rpm (EulerOS-SA-2023-2230)
According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a 'binding signature.' RPM...
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-2230)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-3521 affecting package rpm for versions less than 4.18.0-1
CVE-2021-3521 affecting package rpm for versions less than 4.18.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-3521 affecting package rpm 4.14.2-14
CVE-2021-3521 affecting package rpm 4.14.2-14. A patched version of the package is available...
CVE-2021-3521
CVE-2021-3521 describes a flaw in RPM’s handling of OpenPGP subkeys: binding signatures on subkeys are not checked before import, enabling potential trust of malicious signatures and risking data integrity. Exploitation requires compromising a repository or persuading an administrator to install ...
rpm4 -- Multiple Vulnerabilities
rpm project reports: Fix intermediate symlinks not verified CVE-2021-35939. Fix subkey binding signatures not checked on PGP public keys CVE-2021-3521. Refactor file and directory operations to use fd-based APIs throughout CVE-2021-35938...
Security Bulletin: IBM MQ Operator and IBM supplied MQ Advanced container images are vulnerable to multiple issues from Red Hat UBI packages and the IBM WebSphere Application Server Liberty
Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.5-x packages that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. We have also identified an issue in the IBM WebSphere Application Server Liberty component that is packaged with IBM supplie...