ELSA-2024-0463

ELSA-2024-0463 - rpm security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-01-25

Description

[4.16.1.3-27]
- TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)
- races with chown/chmod/capabilities calls during installation (CVE-2021-35938)
- checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)

Related CVEs

CVE-2021-35937

CVE-2021-35939

CVE-2021-35938

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	rpm-4.16.1.3-27.el9_3.src.rpm	8e06a337822fd8f5ce7d15b066a7bf52c3396c0b43ee719939ee82ef2c412a58	-	ol9_aarch64_appstream
	rpm-4.16.1.3-27.el9_3.src.rpm	8e06a337822fd8f5ce7d15b066a7bf52c3396c0b43ee719939ee82ef2c412a58	-	ol9_aarch64_baseos_latest
	python3-rpm-4.16.1.3-27.el9_3.aarch64.rpm	fff869f7563e36a606484f21fe052784822a8fa8dbad6cd8a5e11009eff588dd	-	ol9_aarch64_baseos_latest
	rpm-4.16.1.3-27.el9_3.aarch64.rpm	e1b2f9999d7b74dc850aeef13b046c3e879a178d1802a90a2d17cb9e439e3447	-	ol9_aarch64_baseos_latest
	rpm-apidocs-4.16.1.3-27.el9_3.noarch.rpm	8a54dce1eac406893371deea0c2765575dabf758ecf249a58f72d2dd72561431	-	ol9_aarch64_appstream
	rpm-build-4.16.1.3-27.el9_3.aarch64.rpm	62e4c6d1bd80a6b666b228c1b29d101b8af346672479789ab3cd3a8a2e89eb0e	-	ol9_aarch64_appstream
	rpm-build-libs-4.16.1.3-27.el9_3.aarch64.rpm	03daffadf1089578b8e6d32f42a0e3838e337e9fcf5c66f49aebeb9bd388255c	-	ol9_aarch64_baseos_latest
	rpm-cron-4.16.1.3-27.el9_3.noarch.rpm	d7178a8ee64e8ab6dfdecaa19c5062b680565d751e9356e19051e6a6de668bac	-	ol9_aarch64_appstream
	rpm-devel-4.16.1.3-27.el9_3.aarch64.rpm	7bff4358425e8ab9a3f074e1d79fafaa16d8d69c71c3c1c6e883a6cd7efdd643	-	ol9_aarch64_appstream
	rpm-libs-4.16.1.3-27.el9_3.aarch64.rpm	9727e948d1c33c6a9347aef09248ad827c37c143462358134696acc63d66dacf	-	ol9_aarch64_baseos_latest
	rpm-plugin-audit-4.16.1.3-27.el9_3.aarch64.rpm	39b8d714c05abed2b1e378ef026484c83129cbaa6e7b9dd721fb0b95b3cd8f35	-	ol9_aarch64_baseos_latest
	rpm-plugin-fapolicyd-4.16.1.3-27.el9_3.aarch64.rpm	2974934335ccf4c29690cf82f007f527cc32bcac58d224c5194819c6a491dcd4	-	ol9_aarch64_appstream
	rpm-plugin-ima-4.16.1.3-27.el9_3.aarch64.rpm	391ad6179ef500640e5f7d1d8fa91c01d525d20f0a6d063cac1d3dfd931eb835	-	ol9_aarch64_appstream
	rpm-plugin-selinux-4.16.1.3-27.el9_3.aarch64.rpm	178667f1a1fcbe4fa33989fd6cea185cd40843084783f481b1d9df195509d9b9	-	ol9_aarch64_baseos_latest
	rpm-plugin-syslog-4.16.1.3-27.el9_3.aarch64.rpm	c208d6d61a85cbdd27519a2258140bd49f902f360b7d04f7f56cbd1381ea29fa	-	ol9_aarch64_appstream
	rpm-plugin-systemd-inhibit-4.16.1.3-27.el9_3.aarch64.rpm	d0c9ff5513c5ba5e90e9e8e456c6bc70f00a604fe3b8c3a36965979878afe294	-	ol9_aarch64_appstream
	rpm-sign-4.16.1.3-27.el9_3.aarch64.rpm	f1e27bf47566d39265ae9c1f43a320ee43a9e409830a6fceac3c83a5be55e2f3	-	ol9_aarch64_baseos_latest
	rpm-sign-libs-4.16.1.3-27.el9_3.aarch64.rpm	90be2671b812f528358ba10b41530e69578b2b5c57faf0809b5d56eea81c9ee5	-	ol9_aarch64_baseos_latest
Oracle Linux 9 (x86_64)	rpm-4.16.1.3-27.el9_3.src.rpm	8e06a337822fd8f5ce7d15b066a7bf52c3396c0b43ee719939ee82ef2c412a58	-	ol9_x86_64_appstream
	rpm-4.16.1.3-27.el9_3.src.rpm	8e06a337822fd8f5ce7d15b066a7bf52c3396c0b43ee719939ee82ef2c412a58	-	ol9_x86_64_baseos_latest
	python3-rpm-4.16.1.3-27.el9_3.x86_64.rpm	95c0d0a6904b8c5e33d6402877863c1c7339e34bc93b4c39c346ba91d141ea89	-	ol9_x86_64_baseos_latest
	rpm-4.16.1.3-27.el9_3.x86_64.rpm	2e4869bbcd3d74fc7fe4c6ad1af1d10a1276ff71d8d7d0a52ba3dca592602bdb	-	ol9_x86_64_baseos_latest
	rpm-apidocs-4.16.1.3-27.el9_3.noarch.rpm	8a54dce1eac406893371deea0c2765575dabf758ecf249a58f72d2dd72561431	-	ol9_x86_64_appstream
	rpm-build-4.16.1.3-27.el9_3.x86_64.rpm	217d8c8b750961ce00e75b031ed359064f767a71c96b679a56a081674b90d237	-	ol9_x86_64_appstream
	rpm-build-libs-4.16.1.3-27.el9_3.i686.rpm	b0124dcdc22c717fc83a1076db58ad79c1df8c0c0212d8fc6716807cd84560dc	-	ol9_x86_64_baseos_latest
	rpm-build-libs-4.16.1.3-27.el9_3.x86_64.rpm	6c162ec168a592f057ec461bb360de5fc6d8f2db36e15fd245d00bdf55c6d8c7	-	ol9_x86_64_baseos_latest
	rpm-cron-4.16.1.3-27.el9_3.noarch.rpm	d7178a8ee64e8ab6dfdecaa19c5062b680565d751e9356e19051e6a6de668bac	-	ol9_x86_64_appstream
	rpm-devel-4.16.1.3-27.el9_3.i686.rpm	dc985fadda3b2534364152110cbadc6e1cda26ed7cd51d6952d1dca534925309	-	ol9_x86_64_appstream
	rpm-devel-4.16.1.3-27.el9_3.x86_64.rpm	12467c345fbef3dc56fa605817ebe7b609780ce9ef3574dd176e30c3f394c4d8	-	ol9_x86_64_appstream
	rpm-libs-4.16.1.3-27.el9_3.i686.rpm	2af8d25138181408394b32d06d37416623963418f8ce82d4c3c9b5f158186d8a	-	ol9_x86_64_baseos_latest
	rpm-libs-4.16.1.3-27.el9_3.x86_64.rpm	93d1a5a31a64bb6aed6f0822ecb01e042255bbedec6f2d4d976cd7a2eae5ed29	-	ol9_x86_64_baseos_latest
	rpm-plugin-audit-4.16.1.3-27.el9_3.x86_64.rpm	98b16544c12212e9729282e18af02b83e7f57f9ca2ad9520201e8bcece293815	-	ol9_x86_64_baseos_latest
	rpm-plugin-fapolicyd-4.16.1.3-27.el9_3.x86_64.rpm	24948610bacf4b53e9768e43a1a7512d119dc60fbf6b78fa432ec4e6786e1d58	-	ol9_x86_64_appstream
	rpm-plugin-ima-4.16.1.3-27.el9_3.x86_64.rpm	8a4029f88bee3926707b0c04e24a2dffd01805f903c33d6aec7d3efa7af76f26	-	ol9_x86_64_appstream
	rpm-plugin-selinux-4.16.1.3-27.el9_3.x86_64.rpm	ee11d27ad7b5cb762a7efb94b69fa14863820d24750940393fb987d0dfbeb961	-	ol9_x86_64_baseos_latest
	rpm-plugin-syslog-4.16.1.3-27.el9_3.x86_64.rpm	8c8688eca61b2c17724762231306b051461ac38ebce55a0319fd652e06b50090	-	ol9_x86_64_appstream
	rpm-plugin-systemd-inhibit-4.16.1.3-27.el9_3.x86_64.rpm	f310045207e9d4db0923b652f4ed6abddef0353994249d73b899e1329817c120	-	ol9_x86_64_appstream
	rpm-sign-4.16.1.3-27.el9_3.x86_64.rpm	a4a7275bb402fa8d7b6897f11b20b70c01f394bcdeb54d28e25e6799b3e19a53	-	ol9_x86_64_baseos_latest
	rpm-sign-libs-4.16.1.3-27.el9_3.i686.rpm	fccffca651f02e25da32c979664eea43d9fa0f6aac3582b030e650aeb96409db	-	ol9_x86_64_baseos_latest
	rpm-sign-libs-4.16.1.3-27.el9_3.x86_64.rpm	74e9a60e5f0098d51e4cfa792bc54092fe62de60a84de4f64a6b497fb46fa997	-	ol9_x86_64_baseos_latest

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team