Updated rpm packages fix security vulnerabilities
Publication date: 02 Apr 2021
Modification date: 02 Apr 2021
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-3421, CVE-2021-20266, CVE-2021-20271
Description
This update from 4.16.1.2 to 4.16.1.3 fixes several bugs in the RPM package manager, including several security issues:
* Fix arbitrary data copied from signature header past signature checking (CVE-2021-3421)
* Fix signature check bypass with corrupted package (CVE-2021-20271)
* Fix missing bounds checks in headerImport() and headerCheck() (CVE-2021-20266)
* Fix missing sanity checks on header entry count and region data overlap
* Fix access past end of header if the last entry is string type
* Fix unsafe headerCopyLoad() still used in codebase
References
SRPMS
8/core
- rpm-4.16.1.3-1.mga8