CVE-2021-3445 – libdnf: Signature verification bypass via signature placed in the main RPM header
https://notcve.org/view.php?id=CVE-2021-3445
A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en la funcionalidad de verificación de firma libdnf's en versiones anteriores a 0.60.1. Este fallo permite a un atacante lograr una ejecución de código si puede alterar la información del encabezado de un paquete RPM y luego engañar a un usuario o sistema para que lo instale. • https://bugzilla.redhat.com/show_bug.cgi?id=1932079 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPMFGGQ5T6WVFTFX3OKMVTTM5O4EXWZR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4NL7TNWAHJ6JVRABQUPWHKKCTHUZMNF https://access.redhat.com/security/cve/CVE-2021-3445 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2021-3421 – rpm: unsigned signature header leads to string injection into an rpm database
https://notcve.org/view.php?id=CVE-2021-3421
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha. Se encontró un fallo en el paquete RPM en la funcionalidad read. • https://bugzilla.redhat.com/show_bug.cgi?id=1927747 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY https://security.gentoo.org/glsa/202107-43 https://access.redhat.com/security/cve/CVE-2021-3421 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2021-20266 – rpm: missing length checks in hdrblobInit()
https://notcve.org/view.php?id=CVE-2021-20266
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. Se detectó un fallo en RPM en la función hdrblobInit() en el archivo lib/header.c. Este fallo permite a un atacante que puede modificar el rpmdb causar una lectura fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1927741 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC https://security.gentoo.org/glsa/202107-43 https://access.redhat.com/security/cve/CVE-2021-20266 • CWE-125: Out-of-bounds Read •
CVE-2021-31414
https://notcve.org/view.php?id=CVE-2021-31414
The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration. La extensión no oficial vscode-rpm-spec versiones anteriores a 0.3.2 para Visual Studio Code, permite una ejecución de código remota por medio de una configuración de espacio de trabajo diseñada • https://github.com/LaurentTreguier/vscode-rpm-spec/commit/e19fb8e29cb48cadfd3238371e060d4ffd3384f9 https://vuln.ryotak.me/advisories/36 •
CVE-2021-20271 – rpm: Signature checks bypass via corrupted rpm package
https://notcve.org/view.php?id=CVE-2021-20271
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. Se detectó un fallo en la funcionalidad de comprobación de firmas de RPM cuando se lee un archivo de paquete. Este fallo permite a un atacante que pueda convencer a una víctima de instalar un paquete aparentemente verificable, cuyo encabezado de firma fue modificado, causar una corrupción de la base de datos de RPM y ejecutar código. • https://bugzilla.redhat.com/show_bug.cgi?id=1934125 https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY https://security.gentoo.org/glsa/ • CWE-345: Insufficient Verification of Data Authenticity •