3 matches found
Unity Linux 20.1070e Security Update: rpm (UTSA-2025-680653)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680653 advisory. There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature...
CLSA-2022-1644869406 Fix of CVE: CVE-2021-3521
CVE-2021-3521: RPM does not require subkeys to have a valid binding signature...
rpm: RPM does not require subkeys to have a valid binding signature
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature."1 RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey t...