A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Rpm | Rpm | 4.15.0 (including) | 4.15.1.3 (excluding) |
Rpm | Rpm | 4.16.0 (including) | 4.16.1.3 (excluding) |
Rpm | Rpm | 4.15.0-alpha (including) | 4.15.0-alpha (including) |
Rpm | Rpm | 4.15.0-beta1 (including) | 4.15.0-beta1 (including) |
Rpm | Rpm | 4.15.0-rc1 (including) | 4.15.0-rc1 (including) |
Rpm | Rpm | 4.16.0-alpha (including) | 4.16.0-alpha (including) |
Rpm | Rpm | 4.16.0-beta2 (including) | 4.16.0-beta2 (including) |
Rpm | Rpm | 4.16.0-beta3 (including) | 4.16.0-beta3 (including) |
Rpm | Rpm | 4.16.0-rc1 (including) | 4.16.0-rc1 (including) |
Red Hat Enterprise Linux 7 | RedHat | rpm-0:4.11.3-48.el7_9 | * |
Red Hat Enterprise Linux 7.6 Advanced Update Support | RedHat | rpm-0:4.11.3-35.el7_6.2 | * |
Red Hat Enterprise Linux 7.6 Telco Extended Update Support | RedHat | rpm-0:4.11.3-35.el7_6.2 | * |
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions | RedHat | rpm-0:4.11.3-35.el7_6.2 | * |
Red Hat Enterprise Linux 7.7 Advanced Update Support | RedHat | rpm-0:4.11.3-40.el7_7.1 | * |
Red Hat Enterprise Linux 7.7 Telco Extended Update Support | RedHat | rpm-0:4.11.3-40.el7_7.1 | * |
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions | RedHat | rpm-0:4.11.3-40.el7_7.1 | * |
Red Hat Enterprise Linux 8 | RedHat | rpm-0:4.14.3-14.el8_4 | * |
Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | rpm-0:4.14.2-38.el8_2 | * |
Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-controller-rhel8:v1.4.6-4 | * |
Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-log-reader-rhel8:v1.4.6-4 | * |
Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-must-gather-rhel8:v1.4.6-4 | * |
Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-operator-bundle:v1.4.6-5 | * |
Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-registry-rhel8:v1.4.6-4 | * |
Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-rsync-transfer-rhel8:v1.4.6-4 | * |
Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-ui-rhel8:v1.4.6-4 | * |
Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.4.6-4 | * |
Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.4.6-3 | * |
Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.4.6-4 | * |
Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.4.6-5 | * |
Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-rhel8:v1.4.6-5 | * |
Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-velero-plugin-rhel8:v1.4.6-4 | * |
Rpm | Ubuntu | bionic | * |
Rpm | Ubuntu | esm-apps/bionic | * |
Rpm | Ubuntu | esm-apps/focal | * |
Rpm | Ubuntu | esm-apps/xenial | * |
Rpm | Ubuntu | esm-infra-legacy/trusty | * |
Rpm | Ubuntu | focal | * |
Rpm | Ubuntu | groovy | * |
Rpm | Ubuntu | hirsute | * |
Rpm | Ubuntu | impish | * |
Rpm | Ubuntu | precise/esm | * |
Rpm | Ubuntu | trusty | * |
Rpm | Ubuntu | trusty/esm | * |
Rpm | Ubuntu | upstream | * |
Rpm | Ubuntu | xenial | * |