Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Oracle Linux 9 ELSA-2024-0463 Moderate: RPM Symlink Concerns

oracle
Calendar Grey January 26, 2024
Oracle Linux Logo Esm H88
Forthcoming security patch for Oracle Linux 9 addressing issues such as unsafe symbolic link handling and installation conflicts.
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Summary

[4.16.1.3-27] - TOCTOU race in checks for unsafe symlinks (CVE-2021-35937) - races with chown/chmod/capabilities calls during installation (CVE-2021-35938) - checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)

Topics%20covered

Topics Covered

security advisory security patch symlink issue Oracle Linux RPM update installation race

SRPMs

https://oss.oracle.com:443/ol9/SRPMS-updates//rpm-4.16.1.3-27.el9_3.src.rpm

x86_64

python3-rpm-4.16.1.3-27.el9_3.x86_64.rpm rpm-4.16.1.3-27.el9_3.x86_64.rpm rpm-apidocs-4.16.1.3-27.el9_3.noarch.rpm rpm-build-4.16.1.3-27.el9_3.x86_64.rpm rpm-build-libs-4.16.1.3-27.el9_3.i686.rpm rpm-build-libs-4.16.1.3-27.el9_3.x86_64.rpm rpm-cron-4.16.1.3-27.el9_3.noarch.rpm rpm-devel-4.16.1.3-27.el9_3.i686.rpm rpm-devel-4.16.1.3-27.el9_3.x86_64.rpm rpm-libs-4.16.1.3-27.el9_3.i686.rpm rpm-libs-4.16.1.3-27.el9_3.x86_64.rpm rpm-plugin-audit-4.16.1.3-27.el9_3.x86_64.rpm rpm-plugin-fapolicyd-4.16.1.3-27.el9_3.x86_64.rpm rpm-plugin-ima-4.16.1.3-27.el9_3.x86_64.rpm rpm-plugin-selinux-4.16.1.3-27.el9_3.x86_64.rpm rpm-plugin-syslog-4.16.1.3-27.el9_3.x86_64.rpm rpm-plugin-systemd-inhibit-4.16.1.3-27.el9_3.x86_64.rpm rpm-sign-4.16.1.3-27.el9_3.x86_64.rpm rpm-sign-libs-4.16.1.3-27.el9_3.i686.rpm rpm-sign-libs-4.16.1.3-27.el9_3.x86_64.rpm

aarch64

python3-rpm-4.16.1.3-27.el9_3.aarch64.rpm rpm-4.16.1.3-27.el9_3.aarch64.rpm rpm-apidocs-4.16.1.3-27.el9_3.noarch.rpm rpm-build-4.16.1.3-27.el9_3.aarch64.rpm rpm-build-libs-4.16.1.3-27.el9_3.aarch64.rpm rpm-cron-4.16.1.3-27.el9_3.noarch.rpm rpm-devel-4.16.1.3-27.el9_3.aarch64.rpm rpm-libs-4.16.1.3-27.el9_3.aarch64.rpm rpm-plugin-audit-4.16.1.3-27.el9_3.aarch64.rpm rpm-plugin-fapolicyd-4.16.1.3-27.el9_3.aarch64.rpm rpm-plugin-ima-4.16.1.3-27.el9_3.aarch64.rpm rpm-plugin-selinux-4.16.1.3-27.el9_3.aarch64.rpm rpm-plugin-syslog-4.16.1.3-27.el9_3.aarch64.rpm rpm-plugin-systemd-inhibit-4.16.1.3-27.el9_3.aarch64.rpm rpm-sign-4.16.1.3-27.el9_3.aarch64.rpm rpm-sign-libs-4.16.1.3-27.el9_3.aarch64.rpm

Related CVEs: CVE-2021-35937 CVE-2021-35938 CVE-2021-35939

Topics%20covered

Topics Covered

security advisory security patch symlink issue Oracle Linux RPM update installation race

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here