Saturday, January 29, 2022

Huawei EulerOS: CVE-2021-3521: rpm security update

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature."[1] RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. 1.
  • huawei-euleros-2_0_sp9-upgrade-python3-rpm
  • huawei-euleros-2_0_sp9-upgrade-rpm
  • huawei-euleros-2_0_sp9-upgrade-rpm-libs
  • huawei-euleros-2_0_sp9-upgrade-rpm-plugin-systemd-inhibit

  • References
  • CVE - 2021-3521
  • EulerOS-SA-2022-1035


    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore