{"id":"RLSA-2021:4464","summary":"Moderate: dnf security and bug fix update","details":"dnf is a package manager that allows users to manage packages on their systems. It supports RPMs, modules and comps groups & environments.\n\nSecurity Fix(es):\n\n* libdnf: Signature verification bypass via signature placed in the main RPM header (CVE-2021-3445)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.","modified":"2026-02-04T22:15:08.416953Z","published":"2021-11-09T09:25:37Z","upstream":["CVE-2021-3445"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2021:4464"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1804234"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1818118"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847035"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1893176"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898293"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1904490"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1906970"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913962"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914827"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1918475"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1926261"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1926771"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1929163"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1929667"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932079"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1934499"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1940345"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951409"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951411"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951414"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1957280"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961632"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961633"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961634"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1967454"}],"affected":[{"package":{"name":"dnf","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/dnf?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.0-4.el8"}],"database_specific":{"yum_repository":"BaseOS"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4464.json"}},{"package":{"name":"dnf-plugins-core","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/dnf-plugins-core?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.0.21-3.el8"}],"database_specific":{"yum_repository":"BaseOS"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4464.json"}},{"package":{"name":"libdnf","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/libdnf?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.63.0-3.el8"}],"database_specific":{"yum_repository":"BaseOS"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4464.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}