MiracleLinux 8 : dnf (AXSA:2022-2892:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2892:01 advisory. libdnf: Signature verification bypass via signature placed in the main RPM header CVE-2021-3445 Tenable has extracted the preceding description block directl...

SUSE CVE-2021-3445

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability...

The vulnerability of the libdnf package manager library involves incorrect verification of the cryptographic signature of data. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the package manager library libdnf is related to a bug in the signature verification function. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

CVE-2021-3445

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability...