MGASA-2021-0167

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0167.html

Import Source

https://advisories.mageia.org/MGASA-2021-0167.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0167

Related

Published

2021-04-02T10:16:21Z

Modified

2021-04-02T09:21:41Z

Summary

Updated rpm packages fix security vulnerabilities

Details

This update from 4.16.1.2 to 4.16.1.3 fixes bugs several bugs the RPM package manager, including several security issues: * Fix arbitrary data copied from signature header past signature checking (CVE-2021-3421) * Fix signature check bypass with corrupted package (CVE-2021-20271) * Fix missing bounds checks in headerImport() and headerCheck() (CVE-2021-20266) * Fix missing sanity checks on header entry count and region data overlap * Fix access past end of header if the last entry is string type * Fix unsafe headerCopyLoad() still used in codebase

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2021-0167

Affected packages