N/A

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

N/A

对数据真实性的验证不充分

Red Hat Package Manager 数据伪造问题漏洞

Red Hat Package Manager是美国红帽（Red Hat）公司的一种用于互联网下载包的打包及安装工具。它包含在某些Linux分发版中。它生成具有.RPM扩展名的文件。与Dpkg类似。 Red Hat Package Manager存在数据伪造问题漏洞，该漏洞允许攻击者说服受害者安装一个看似可验证的包，其签名头被修改，从而导致RPM数据库损坏。

N/A

N/A