dnf security and bug fix update

エラータID: AXSA:2022-2892:01

Release date: 
Wednesday, January 5, 2022 - 09:53
Subject: 
dnf security and bug fix update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

dnf is a package manager that allows users to manage packages on their systems. It supports RPMs, modules and comps groups & environments.

Security Fix(es):

* libdnf: Signature verification bypass via signature placed in the main RPM header (CVE-2021-3445)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-3445
A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Solution: 

Update packages.

CVEs: 
CVE-2021-3445
A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.
Additional Info: 

N/A

Download: 

SRPMS
  1. dnf-plugins-core-4.0.21-3.el8.src.rpm
    MD5: ec53aabb9a323c0aec174ce332eac804
    SHA-256: 3b71b263e59fbc5bc187595127f8990450056187246a5c92dd76730a76e37b2a
    Size: 373.16 kB
  2. dnf-4.7.0-4.el8.src.rpm
    MD5: 8a2ae4157b272fd43ceceb124ad6190c
    SHA-256: ee37f33e323224156ed63612940f9dbbe8f2896fb5853716731d6317eede32fa
    Size: 2.03 MB
  3. libdnf-0.63.0-3.el8.ML.1.src.rpm
    MD5: 951c750066f950cece125a2dcb6a57e7
    SHA-256: a5826d0e2fb86ecaaf7ab99d53687e42d3f0595439532e45a1d207518f0ad56e
    Size: 1.11 MB

Asianux Server 8 for x86_64
  1. dnf-plugins-core-4.0.21-3.el8.noarch.rpm
    MD5: 84dbf610d953537239707a88ff265ea7
    SHA-256: df9323ab7f1756a77073b97b76a267d6e05093cf87ff344f111a1d698c896efd
    Size: 68.93 kB
  2. python3-dnf-plugin-post-transaction-actions-4.0.21-3.el8.noarch.rpm
    MD5: a2c332c1ec017dfb53025f79d94fed47
    SHA-256: 675a11723c69ece892d925524f7f57222dcd563d769dd06db873ef717b4c80d1
    Size: 53.52 kB
  3. python3-dnf-plugin-versionlock-4.0.21-3.el8.noarch.rpm
    MD5: 3aed175a3cbff1e60af403b0603f23fc
    SHA-256: f2f1c794d6991b997c28559408e0355dc51f3a129ae60a4f3d72d8d8257d67d8
    Size: 61.41 kB
  4. python3-dnf-plugins-core-4.0.21-3.el8.noarch.rpm
    MD5: 186961d58c25ff77ac1e7e0f81255936
    SHA-256: c8625996b28469254bc382cc20d829f895c46a329aa1e18f07a326f2d560eb19
    Size: 233.00 kB
  5. yum-utils-4.0.21-3.el8.noarch.rpm
    MD5: a224a7b27207d363faef5f822366352c
    SHA-256: e4deb6a6c52ca7b51deab5b2671b12bf1e90a4a3ee40146588fe14da8023dee2
    Size: 71.44 kB
  6. dnf-4.7.0-4.el8.noarch.rpm
    MD5: aa3558630fd3c71e6aa389745a5a9c5c
    SHA-256: 6ab2d4c7cee3db3f03ba58d642fe5e85d7d30143f028cbfc9cc8a8fa7a6158bd
    Size: 542.82 kB
  7. dnf-automatic-4.7.0-4.el8.noarch.rpm
    MD5: d8e3d50a45816addd69d9a77825352ce
    SHA-256: 79f0876fc9152870222027b8e32266b4cb17919f4c9b09aea57c7111e8390fcd
    Size: 148.63 kB
  8. dnf-data-4.7.0-4.el8.noarch.rpm
    MD5: 76bd8beb86095c5214e7c7288e2eb088
    SHA-256: 5f9cfaaf8b5b42820aafd2e5c3c89f8cd275a8749b38aaefdf9f2eb16dda06c2
    Size: 152.78 kB
  9. python3-dnf-4.7.0-4.el8.noarch.rpm
    MD5: 477b7a3797dc03cd979b2ae1f53df9d4
    SHA-256: b3c68bdf235da3a93aa4d0ce1cdb0fc0c41be40cf1d7bcf22d760c8412c241dd
    Size: 543.71 kB
  10. yum-4.7.0-4.el8.noarch.rpm
    MD5: 63f51f3c990ea8972e1aa87b6024717c
    SHA-256: a61b2bdb70a7455911c3da9af7bf65e4a49a6f68dd2eebeaf3e6d92478c71307
    Size: 202.20 kB
  11. libdnf-0.63.0-3.el8.ML.1.x86_64.rpm
    MD5: 9a0a598ced3f9f30d407acd4506f25ef
    SHA-256: 8d4153fd0eb0ce2c5fd67b20282e74ee480bd120fa74579f781ecdc8b9591336
    Size: 698.90 kB
  12. libdnf-devel-0.63.0-3.el8.ML.1.x86_64.rpm
    MD5: 1ef53599d56e261f1e7552f79f37271c
    SHA-256: 4a8fb63f76e3f5906a539cd226e2eb3eb16f64f8bafea7b325740bb831cac95a
    Size: 64.12 kB
  13. python3-hawkey-0.63.0-3.el8.ML.1.x86_64.rpm
    MD5: 41acd46b6fb1d777542e2117bcb614b9
    SHA-256: 7399b9f43e08a05b96eec5c134b0022a55ba1a8c3320c3d19fab030d37f71179
    Size: 115.21 kB
  14. python3-libdnf-0.63.0-3.el8.ML.1.x86_64.rpm
    MD5: 66b0cb9590771ee2f33663275b92afe3
    SHA-256: 5adbcdd76257e33d26037367bf8e4caa4db335c4aaac14821833be8054351bc3
    Size: 776.38 kB
  15. libdnf-0.63.0-3.el8.ML.1.i686.rpm
    MD5: 736c03e789455da7ea56d4c8860bbf2e
    SHA-256: 7aa9aad22077c226244bc2548e9899fd951dd3c02345ade5f94dc3877243dc42
    Size: 754.14 kB
  16. libdnf-devel-0.63.0-3.el8.ML.1.i686.rpm
    MD5: b52e05a356ab6c2f324721226541f7fe
    SHA-256: aaa7b0ae3c80d90fa2026d58515127c67aa3d90ebd08b3c283e310d9850555ce
    Size: 64.15 kB