VYPR

rpm package

suse/rpm-ndb&distro=SUSE Linux Enterprise Micro 5.4

pkg:rpm/suse/rpm-ndb&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Vulnerabilities (1)

  • CVE-2021-3521Aug 22, 2022
    affected < 4.14.3-150400.59.16.1fixed 4.14.3-150400.59.16.1

    There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a ma