Security Advisory Details

NS-SA-2024-0064

2024-09-03 09:34:51

Summary

moderate: dnf/dnf-plugins-core security update

Severity

moderate

Topic

An update for dnf/dnf-plugins-core is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

dnf:
dnf-plugins-core:


Security Fix(es):
dnf: A flaw was found in libdnf's signature verification functionality. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3445)
dnf: bugfix
dnf-plugins-core: A flaw was found in libdnf's signature verification functionality. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3445)
dnf-plugins-core: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.F2B12.

Affected Components

  • dnf
  • dnf-plugins-core

Affected Products

  • CGSL MAIN 6.02

Updated Packages

CGSL MAIN 6.02, source package dnf-4.7.0-4.el8.cgslv6_2.3.g15b0b4a.src.rpm:

  • dnf-4.7.0-4.el8.cgslv6_2.3.g15b0b4a.noarch.rpm
  • yum-4.7.0-4.el8.cgslv6_2.3.g15b0b4a.noarch.rpm
  • dnf-data-4.7.0-4.el8.cgslv6_2.3.g15b0b4a.noarch.rpm
  • python3-dnf-4.7.0-4.el8.cgslv6_2.3.g15b0b4a.noarch.rpm

CGSL MAIN 6.02, source package dnf-plugins-core-4.0.21-3.el8.src.rpm:

  • yum-utils-4.0.21-3.el8.noarch.rpm
  • dnf-plugins-core-4.0.21-3.el8.noarch.rpm
  • python3-dnf-plugins-core-4.0.21-3.el8.noarch.rpm

CVE

References