Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 501
Alerts This Week
Warning Icon 1 501

SUSE: 2021:2682-1 Important RPM Access Control and Integrity Fixes

suse
Calendar Grey August 12, 2021
Dist Suse Esm H88
SUSE Announcement: Crucial enhancements for rpm package tackling security, permission governance, and uptime concerns have been released.
An update that solves three vulnerabilities, contains two features and has one errata is now available

Summary

This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to

References

#1179416 #1181805 #1183543 #1183545 ECO-3622

SLE-17817

Cross- CVE-2021-20266 CVE-2021-20271 CVE-2021-3421

CVSS scores:

CVE-2021-20266 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2021-20266 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2021-20271 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-20271 (SUSE): 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L

CVE-2021-3421 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVE-2021-3421 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

SUSE Linux Enterprise Module for SUSE Manager Server 4.2

SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2

SUSE Linux Enterprise Module for Python2 15-SP3

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2682-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.