VYPR

rpm package

suse/python-rpm&distro=SUSE Manager Server 4.3

pkg:rpm/suse/python-rpm&distro=SUSE%20Manager%20Server%204.3

Vulnerabilities (1)

  • CVE-2021-3521Aug 22, 2022
    affected < 4.14.3-150400.59.16.1fixed 4.14.3-150400.59.16.1

    There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a ma