REDHAT-BUG-1934125: Medium severity rpm package manager vulnerability
Published Mar 2, 2021
A flaw was found in rpm. Given an RPM package signed by a trusted key, it is possible to modify it such that it still passes signature checks, but installing it corrupts the rpmdb.
Affected Software
1 affected component
RPM RPM Package Manager
Event History
Mar 2, 2021
Data Sourced
via Red Hat·02:55 PM
Frequently Asked Questions
1. What is the severity of REDHAT-BUG-1934125?
The severity of REDHAT-BUG-1934125 is considered high due to the potential for RPM package corruption.
2. How do I fix REDHAT-BUG-1934125?
To fix REDHAT-BUG-1934125, update RPM Package Manager to the latest version provided by your distribution.
3. What types of vulnerabilities does REDHAT-BUG-1934125 address?
REDHAT-BUG-1934125 addresses vulnerabilities related to signature verification in RPM packages.
4. Who is affected by REDHAT-BUG-1934125?
Users and systems running affected versions of RPM Package Manager are at risk due to REDHAT-BUG-1934125.
5. Is there a workaround for REDHAT-BUG-1934125?
There are no official workarounds for REDHAT-BUG-1934125; updating the software is the recommended action.