{"affected":[{"ecosystem_specific":{"binaries":[{"rpm-devel":"4.11.2-16.26.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP5","name":"rpm","purl":"pkg:rpm/suse/rpm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.11.2-16.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-rpm":"4.11.2-16.26.1","rpm":"4.11.2-16.26.1","rpm-32bit":"4.11.2-16.26.1","rpm-build":"4.11.2-16.26.1","rpm-python":"4.11.2-16.26.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5","name":"python3-rpm","purl":"pkg:rpm/suse/python3-rpm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.11.2-16.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-rpm":"4.11.2-16.26.1","rpm":"4.11.2-16.26.1","rpm-32bit":"4.11.2-16.26.1","rpm-build":"4.11.2-16.26.1","rpm-python":"4.11.2-16.26.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5","name":"rpm","purl":"pkg:rpm/suse/rpm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.11.2-16.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-rpm":"4.11.2-16.26.1","rpm":"4.11.2-16.26.1","rpm-32bit":"4.11.2-16.26.1","rpm-build":"4.11.2-16.26.1","rpm-python":"4.11.2-16.26.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5","name":"rpm-python","purl":"pkg:rpm/suse/rpm-python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.11.2-16.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-rpm":"4.11.2-16.26.1","rpm":"4.11.2-16.26.1","rpm-32bit":"4.11.2-16.26.1","rpm-build":"4.11.2-16.26.1","rpm-python":"4.11.2-16.26.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP5","name":"python3-rpm","purl":"pkg:rpm/suse/python3-rpm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.11.2-16.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-rpm":"4.11.2-16.26.1","rpm":"4.11.2-16.26.1","rpm-32bit":"4.11.2-16.26.1","rpm-build":"4.11.2-16.26.1","rpm-python":"4.11.2-16.26.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP5","name":"rpm","purl":"pkg:rpm/suse/rpm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.11.2-16.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-rpm":"4.11.2-16.26.1","rpm":"4.11.2-16.26.1","rpm-32bit":"4.11.2-16.26.1","rpm-build":"4.11.2-16.26.1","rpm-python":"4.11.2-16.26.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP5","name":"rpm-python","purl":"pkg:rpm/suse/rpm-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.11.2-16.26.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for rpm fixes the following issues:\n\n- Fixed PGP parsing bugs (bsc#1185299).\n- Fixed various format handling bugs (bsc#996280).\n- CVE-2021-3421: Fixed vulnerability where unsigned headers could be injected into the rpm database (bsc#1183543). \n- CVE-2021-20271: Fixed vulnerability where a corrupted rpm could corrupt the rpm database (bsc#1183545).\n- CVE-2021-20266: Fixed missing bounds check in hdrblobInit (bsc#1183632).\n\nBugfixes:\n\n- Fixed deadlock when multiple rpm processes tried to acquire the database lock (bsc#1183659).\n","id":"SUSE-SU-2022:3939-1","modified":"2022-11-10T13:32:14Z","published":"2022-11-10T13:32:14Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20223939-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183543"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183545"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183632"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183659"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185299"},{"type":"REPORT","url":"https://bugzilla.suse.com/996280"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-20266"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-20271"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3421"}],"related":["CVE-2021-20266","CVE-2021-20271","CVE-2021-3421"],"summary":"Security update for rpm","upstream":["CVE-2021-20266","CVE-2021-20271","CVE-2021-3421"]}