Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat Enterprise Linux 8 RHSA-2021-2574-01 Moderate RPM Signature Bypass

red hat
Calendar Grey June 29, 2021
Dist Redhat Esm H88
Red Hat releases rpm with a significant security patch addressing a potential signature verification loophole. Discover further details here.
An update for rpm is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against the RPM library must be restarted for this update to take effect.

Summary

The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.
Security Fix(es):
* rpm: Signature checks bypass via corrupted rpm package (CVE-2021-20271)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory security issue Red Hat Enterprise Linux moderate impact package management signature bypass rpm update

References

https://access.redhat.com/security/cve/CVE-2021-20271 https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat Enterprise Linux AppStream (v. 8):
aarch64: python3-rpm-debuginfo-4.14.3-14.el8_4.aarch64.rpm rpm-build-4.14.3-14.el8_4.aarch64.rpm rpm-build-debuginfo-4.14.3-14.el8_4.aarch64.rpm rpm-build-libs-debuginfo-4.14.3-14.el8_4.aarch64.rpm rpm-debuginfo-4.14.3-14.el8_4.aarch64.rpm rpm-debugsource-4.14.3-14.el8_4.aarch64.rpm rpm-devel-debuginfo-4.14.3-14.el8_4.aarch64.rpm rpm-libs-debuginfo-4.14.3-14.el8_4.aarch64.rpm rpm-plugin-fapolicyd-4.14.3-14.el8_4.aarch64.rpm rpm-plugin-fapolicyd-debuginfo-4.14.3-14.el8_4.aarch64.rpm rpm-plugin-ima-debuginfo-4.14.3-14.el8_4.aarch64.rpm rpm-plugin-prioreset-debuginfo-4.14.3-14.el8_4.aarch64.rpm rpm-plugin-selinux-debuginfo-4.14.3-14.el8_4.aarch64.rpm rpm-plugin-syslog-debuginfo-4.14.3-14.el8_4.aarch64.rpm rpm-plugin-systemd-inhibit-debuginfo-4.14.3-14.el8_4.aarch64.rpm rpm-sign-debuginfo-4.14.3-14.el8_4.aarch64.rpm
ppc64le: python3-rpm-debuginfo-4.14.3-14.el8_4.ppc64le.rpm rpm-build-4.14.3-14.el8_4.ppc64le.rpm rpm-build-debuginfo-4.14.3-14.el8_4.ppc64le.rpm rpm-build-libs-debuginfo-4.14.3-14.el8_4.ppc64le.rpm rpm-debuginfo-4.14.3-14.el8_4.ppc64le.rpm rpm-debugsource-4.14.3-14.el8_4.ppc64le.rpm rpm-devel-debuginfo-4.14.3-14.el8_4.ppc64le.rpm rpm-libs-debuginfo-4.14.3-14.el8_4.ppc64le.rpm

Read the Full Advisory


Advisory ID: RHSA-2021:2574-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2574
Issue date: 2021-06-29

Topic

An update for rpm is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security issue Red Hat Enterprise Linux moderate impact package management signature bypass rpm update

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

Bugs Fixed

1934125 - CVE-2021-20271 rpm: Signature checks bypass via corrupted rpm package

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here