{"id":"MGASA-2021-0167","summary":"Updated rpm packages fix security vulnerabilities","details":"This update from 4.16.1.2 to 4.16.1.3 fixes several bugs in the RPM\npackage manager, including several security issues:\n* Fix arbitrary data copied from signature header past signature checking\n  (CVE-2021-3421)\n* Fix signature check bypass with corrupted package (CVE-2021-20271)\n* Fix missing bounds checks in headerImport() and headerCheck()\n  (CVE-2021-20266)\n* Fix missing sanity checks on header entry count and region data overlap\n* Fix access past end of header if the last entry is string type\n* Fix unsafe headerCopyLoad() still used in codebase\n","modified":"2026-04-16T00:09:28.514011549Z","published":"2021-04-02T10:16:21Z","upstream":["CVE-2021-20266","CVE-2021-20271","CVE-2021-3421"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0167.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28674"},{"type":"WEB","url":"https://rpm.org/wiki/Releases/4.16.1.3"}],"affected":[{"package":{"name":"rpm","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/rpm?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.16.1.3-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0167.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}