{"id":"CLSA-2022-1644869807","summary":"Fix of CVE: CVE-2021-3521, CVE-2021-20266","details":"- CVE-2021-20266: missing length checks in hdrblobInit()\n- CVE-2021-3521: RPM does not require subkeys to have a valid binding signature\n- Address important covscan issues (#1996665, #2022537)","modified":"2026-05-27T11:33:44.653997940Z","published":"2022-02-14T20:16:47Z","upstream":["CVE-2021-20266","CVE-2021-3521"],"references":[{"type":"ADVISORY","url":"https://errata.cloudlinux.com/centos8.4-els/CLSA-2022-1644869807.html"}],"affected":[{"package":{"name":"python3-rpm","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/python3-rpm?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}},{"package":{"name":"rpm","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/rpm?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}},{"package":{"name":"rpm-apidocs","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/rpm-apidocs?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}},{"package":{"name":"rpm-build","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/rpm-build?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}},{"package":{"name":"rpm-build-libs","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/rpm-build-libs?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}},{"package":{"name":"rpm-cron","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/rpm-cron?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}},{"package":{"name":"rpm-devel","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/rpm-devel?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}},{"package":{"name":"rpm-libs","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/rpm-libs?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}},{"package":{"name":"rpm-plugin-fapolicyd","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/rpm-plugin-fapolicyd?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}},{"package":{"name":"rpm-plugin-ima","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/rpm-plugin-ima?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}},{"package":{"name":"rpm-plugin-prioreset","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/rpm-plugin-prioreset?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}},{"package":{"name":"rpm-plugin-selinux","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/rpm-plugin-selinux?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}},{"package":{"name":"rpm-plugin-syslog","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/rpm-plugin-syslog?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}},{"package":{"name":"rpm-plugin-systemd-inhibit","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/rpm-plugin-systemd-inhibit?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}},{"package":{"name":"rpm-sign","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/rpm-sign?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.3-14.el8.4.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1644869807.json"}}],"schema_version":"1.7.5"}