Red Hat Security Advisory 2021-4785-01

Red Hat Security Advisory 2021-4785-01: Posted Nov 24, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-4785-01 - The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Issues addressed include a bypass vulnerability.; tags | advisory, bypass; systems | linux, redhat; advisories | CVE-2021-20271; SHA-256 | 45e4c151df552ca41827d16dbb327c2f4fdbac94c2deb004ead13026b1e479e5; Download | Favorite | View

Red Hat Security Advisory 2021-4785-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rpm security update
Advisory ID:       RHSA-2021:4785-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4785
Issue date:        2021-11-23
CVE Names:         CVE-2021-20271 
=====================================================================

1. Summary:

An update for rpm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The RPM Package Manager (RPM) is a command-line driven package management
system capable of installing, uninstalling, verifying, querying, and
updating software packages.

Security Fix(es):

* rpm: Signature checks bypass via corrupted rpm package (CVE-2021-20271)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against the RPM library must be restarted
for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1934125 - CVE-2021-20271 rpm: Signature checks bypass via corrupted rpm package

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
rpm-4.11.3-48.el7_9.src.rpm

x86_64:
rpm-4.11.3-48.el7_9.x86_64.rpm
rpm-build-4.11.3-48.el7_9.x86_64.rpm
rpm-build-libs-4.11.3-48.el7_9.i686.rpm
rpm-build-libs-4.11.3-48.el7_9.x86_64.rpm
rpm-debuginfo-4.11.3-48.el7_9.i686.rpm
rpm-debuginfo-4.11.3-48.el7_9.x86_64.rpm
rpm-libs-4.11.3-48.el7_9.i686.rpm
rpm-libs-4.11.3-48.el7_9.x86_64.rpm
rpm-python-4.11.3-48.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
rpm-apidocs-4.11.3-48.el7_9.noarch.rpm
rpm-cron-4.11.3-48.el7_9.noarch.rpm

x86_64:
rpm-debuginfo-4.11.3-48.el7_9.i686.rpm
rpm-debuginfo-4.11.3-48.el7_9.x86_64.rpm
rpm-devel-4.11.3-48.el7_9.i686.rpm
rpm-devel-4.11.3-48.el7_9.x86_64.rpm
rpm-plugin-systemd-inhibit-4.11.3-48.el7_9.x86_64.rpm
rpm-sign-4.11.3-48.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rpm-4.11.3-48.el7_9.src.rpm

x86_64:
rpm-4.11.3-48.el7_9.x86_64.rpm
rpm-build-4.11.3-48.el7_9.x86_64.rpm
rpm-build-libs-4.11.3-48.el7_9.i686.rpm
rpm-build-libs-4.11.3-48.el7_9.x86_64.rpm
rpm-debuginfo-4.11.3-48.el7_9.i686.rpm
rpm-debuginfo-4.11.3-48.el7_9.x86_64.rpm
rpm-libs-4.11.3-48.el7_9.i686.rpm
rpm-libs-4.11.3-48.el7_9.x86_64.rpm
rpm-python-4.11.3-48.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
rpm-apidocs-4.11.3-48.el7_9.noarch.rpm
rpm-cron-4.11.3-48.el7_9.noarch.rpm

x86_64:
rpm-debuginfo-4.11.3-48.el7_9.i686.rpm
rpm-debuginfo-4.11.3-48.el7_9.x86_64.rpm
rpm-devel-4.11.3-48.el7_9.i686.rpm
rpm-devel-4.11.3-48.el7_9.x86_64.rpm
rpm-plugin-systemd-inhibit-4.11.3-48.el7_9.x86_64.rpm
rpm-sign-4.11.3-48.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
rpm-4.11.3-48.el7_9.src.rpm

ppc64:
rpm-4.11.3-48.el7_9.ppc64.rpm
rpm-build-4.11.3-48.el7_9.ppc64.rpm
rpm-build-libs-4.11.3-48.el7_9.ppc.rpm
rpm-build-libs-4.11.3-48.el7_9.ppc64.rpm
rpm-debuginfo-4.11.3-48.el7_9.ppc.rpm
rpm-debuginfo-4.11.3-48.el7_9.ppc64.rpm
rpm-devel-4.11.3-48.el7_9.ppc.rpm
rpm-devel-4.11.3-48.el7_9.ppc64.rpm
rpm-libs-4.11.3-48.el7_9.ppc.rpm
rpm-libs-4.11.3-48.el7_9.ppc64.rpm
rpm-python-4.11.3-48.el7_9.ppc64.rpm
rpm-sign-4.11.3-48.el7_9.ppc64.rpm

ppc64le:
rpm-4.11.3-48.el7_9.ppc64le.rpm
rpm-build-4.11.3-48.el7_9.ppc64le.rpm
rpm-build-libs-4.11.3-48.el7_9.ppc64le.rpm
rpm-debuginfo-4.11.3-48.el7_9.ppc64le.rpm
rpm-devel-4.11.3-48.el7_9.ppc64le.rpm
rpm-libs-4.11.3-48.el7_9.ppc64le.rpm
rpm-python-4.11.3-48.el7_9.ppc64le.rpm
rpm-sign-4.11.3-48.el7_9.ppc64le.rpm

s390x:
rpm-4.11.3-48.el7_9.s390x.rpm
rpm-build-4.11.3-48.el7_9.s390x.rpm
rpm-build-libs-4.11.3-48.el7_9.s390.rpm
rpm-build-libs-4.11.3-48.el7_9.s390x.rpm
rpm-debuginfo-4.11.3-48.el7_9.s390.rpm
rpm-debuginfo-4.11.3-48.el7_9.s390x.rpm
rpm-devel-4.11.3-48.el7_9.s390.rpm
rpm-devel-4.11.3-48.el7_9.s390x.rpm
rpm-libs-4.11.3-48.el7_9.s390.rpm
rpm-libs-4.11.3-48.el7_9.s390x.rpm
rpm-python-4.11.3-48.el7_9.s390x.rpm
rpm-sign-4.11.3-48.el7_9.s390x.rpm

x86_64:
rpm-4.11.3-48.el7_9.x86_64.rpm
rpm-build-4.11.3-48.el7_9.x86_64.rpm
rpm-build-libs-4.11.3-48.el7_9.i686.rpm
rpm-build-libs-4.11.3-48.el7_9.x86_64.rpm
rpm-debuginfo-4.11.3-48.el7_9.i686.rpm
rpm-debuginfo-4.11.3-48.el7_9.x86_64.rpm
rpm-devel-4.11.3-48.el7_9.i686.rpm
rpm-devel-4.11.3-48.el7_9.x86_64.rpm
rpm-libs-4.11.3-48.el7_9.i686.rpm
rpm-libs-4.11.3-48.el7_9.x86_64.rpm
rpm-python-4.11.3-48.el7_9.x86_64.rpm
rpm-sign-4.11.3-48.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
rpm-apidocs-4.11.3-48.el7_9.noarch.rpm
rpm-cron-4.11.3-48.el7_9.noarch.rpm

ppc64:
rpm-debuginfo-4.11.3-48.el7_9.ppc64.rpm
rpm-plugin-systemd-inhibit-4.11.3-48.el7_9.ppc64.rpm

ppc64le:
rpm-debuginfo-4.11.3-48.el7_9.ppc64le.rpm
rpm-plugin-systemd-inhibit-4.11.3-48.el7_9.ppc64le.rpm

s390x:
rpm-debuginfo-4.11.3-48.el7_9.s390x.rpm
rpm-plugin-systemd-inhibit-4.11.3-48.el7_9.s390x.rpm

x86_64:
rpm-debuginfo-4.11.3-48.el7_9.x86_64.rpm
rpm-plugin-systemd-inhibit-4.11.3-48.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
rpm-4.11.3-48.el7_9.src.rpm

x86_64:
rpm-4.11.3-48.el7_9.x86_64.rpm
rpm-build-4.11.3-48.el7_9.x86_64.rpm
rpm-build-libs-4.11.3-48.el7_9.i686.rpm
rpm-build-libs-4.11.3-48.el7_9.x86_64.rpm
rpm-debuginfo-4.11.3-48.el7_9.i686.rpm
rpm-debuginfo-4.11.3-48.el7_9.x86_64.rpm
rpm-devel-4.11.3-48.el7_9.i686.rpm
rpm-devel-4.11.3-48.el7_9.x86_64.rpm
rpm-libs-4.11.3-48.el7_9.i686.rpm
rpm-libs-4.11.3-48.el7_9.x86_64.rpm
rpm-python-4.11.3-48.el7_9.x86_64.rpm
rpm-sign-4.11.3-48.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
rpm-apidocs-4.11.3-48.el7_9.noarch.rpm
rpm-cron-4.11.3-48.el7_9.noarch.rpm

x86_64:
rpm-debuginfo-4.11.3-48.el7_9.x86_64.rpm
rpm-plugin-systemd-inhibit-4.11.3-48.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-20271
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYZ1SBNzjgjWX9erEAQieOQ//aov94+yFfhQklxToOeNHNqnPf0vpTCHS
II0UlPKYJpQo1AP72bzk95ipADQ5zyPhoPJK9uHxj/i9Q5OPG/v61EQN35aKb+kG
d5lQRTxk1HT4V/U5QXtYk7+iKBwTrKtrbK8P5LqBRGFc4gefUPwie9EDSsjQXazR
pseAkpR9+pg0dDcXfJVB6ba3ghG2zVWUvUMLCPrxx+RosSy4XfJxK3UqFXxW9/ZC
7iko5PxdDq1kUDd6x4edawE8FljAtyivDDs38GsTr0J5CfoZLwQVXzQuanC+cm8b
EufTBEMqXAHDHNn67b2gH9OrVukqkZx9JjPjHPEvHoLWE9CP7RlyFu1saz0SMLiI
o0w0zzCYZycBi5H72fBEph99gNhuCukfGeKrhEXLtY4c82rPcLKFby5ea6RsR21s
XkhkFhEAlWF4j0vaW8EcXK34JwOrZVr65dXKAxz6rCkamJrfW7IetLCXtHpHpvtv
89TzQN5EQpNrN46yUU7Hk/ycTeX73TDXiD0eL/W9BWGJjxEUEnBesB348Nd8bqID
9G3rrjGewfVcEUj0moVflNp6NJpRSK9uCHUaaDJ0Eg/tTXqI3QPi3tTpgyj7vTOa
z3szjgnhC2ILccjMjVTrOhopW+474CixAv53QN1QmZbM6L42GFqucdxOld/LjMqk
oetFsKV1cF0=
=J3KR
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 240 files
Ubuntu 62 files
Debian 22 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,169)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,011)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,372)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,008)
UNIX (9,481)
UnixWare (188)
Windows (6,785)
Other

Red Hat Security Advisory 2021-4785-01

Red Hat Security Advisory 2021-4785-01

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2021-4785-01

Share This

Red Hat Security Advisory 2021-4785-01

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems