An update for rpm is now available for openEuler-20.03-LTS-SP1

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1163
Final 1.0 1.0 2021-05-06 Initial 2021-05-06 2021-05-06
openEuler SA Tool V1.0 2021-05-06

rpm security update

The RPM Package Manager (RPM) is a powerful package management system with the following capabilities:
- building computer software from source into easily distributable packages
- installing, updating and uninstalling packaged software
- querying detailed information about the packaged software, whether installed or not
- verifying integrity of packaged software and resulting software installation

Security Fix(es):

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. (CVE-2021-20271)

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
rpm

https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1163
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-20271
https://nvd.nist.gov/vuln/detail/CVE-2021-20271

openEuler-20.03-LTS-SP1

rpm-build-4.15.1-20.oe1.aarch64.rpm
rpm-libs-4.15.1-20.oe1.aarch64.rpm
rpm-4.15.1-20.oe1.aarch64.rpm
python3-rpm-4.15.1-20.oe1.aarch64.rpm
python2-rpm-4.15.1-20.oe1.aarch64.rpm
rpm-debuginfo-4.15.1-20.oe1.aarch64.rpm
rpm-debugsource-4.15.1-20.oe1.aarch64.rpm
rpm-devel-4.15.1-20.oe1.aarch64.rpm
rpm-help-4.15.1-20.oe1.noarch.rpm
rpm-4.15.1-20.oe1.src.rpm
rpm-debugsource-4.15.1-20.oe1.x86_64.rpm
rpm-debuginfo-4.15.1-20.oe1.x86_64.rpm
rpm-devel-4.15.1-20.oe1.x86_64.rpm
python2-rpm-4.15.1-20.oe1.x86_64.rpm
rpm-build-4.15.1-20.oe1.x86_64.rpm
python3-rpm-4.15.1-20.oe1.x86_64.rpm
rpm-4.15.1-20.oe1.x86_64.rpm
rpm-libs-4.15.1-20.oe1.x86_64.rpm

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

2021-05-06 CVE-2021-20271 openEuler-20.03-LTS-SP1 High 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

rpm security update 2021-05-06 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1163