ELSA-2024-0463

ULN >
Oracle Linux Errata repository >
ELSA-2024-0463

ELSA-2024-0463 - rpm security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2024-01-25

Description

[4.16.1.3-27]
- TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)
- races with chown/chmod/capabilities calls during installation (CVE-2021-35938)
- checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)

Related CVEs

CVE-2021-35937

CVE-2021-35939

CVE-2021-35938

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	rpm-4.16.1.3-27.el9_3.src.rpm	3e034f7a874b55b3b309a4835c7072bd	-	ol9_aarch64_appstream
	rpm-4.16.1.3-27.el9_3.src.rpm	3e034f7a874b55b3b309a4835c7072bd	-	ol9_aarch64_baseos_latest
	python3-rpm-4.16.1.3-27.el9_3.aarch64.rpm	752dc828203582db73a69901977cf7fd	-	ol9_aarch64_baseos_latest
	rpm-4.16.1.3-27.el9_3.aarch64.rpm	2be373454acf532e617f14136f1b76c3	-	ol9_aarch64_baseos_latest
	rpm-apidocs-4.16.1.3-27.el9_3.noarch.rpm	ecc4721dec56305c250f69d100f96141	-	ol9_aarch64_appstream
	rpm-build-4.16.1.3-27.el9_3.aarch64.rpm	0b063495533f6018ef8caf142104b29d	-	ol9_aarch64_appstream
	rpm-build-libs-4.16.1.3-27.el9_3.aarch64.rpm	d20a49d43a54e95534d6ad2488a564d6	-	ol9_aarch64_baseos_latest
	rpm-cron-4.16.1.3-27.el9_3.noarch.rpm	67ee2fc958c03ab1d9f9c17f042756ea	-	ol9_aarch64_appstream
	rpm-devel-4.16.1.3-27.el9_3.aarch64.rpm	086204fa08db80a8178912782d55cdc6	-	ol9_aarch64_appstream
	rpm-libs-4.16.1.3-27.el9_3.aarch64.rpm	ff093576c92afb1dc4bfb053cc971500	-	ol9_aarch64_baseos_latest
	rpm-plugin-audit-4.16.1.3-27.el9_3.aarch64.rpm	a1066537fa5aaca747831e6822a53623	-	ol9_aarch64_baseos_latest
	rpm-plugin-fapolicyd-4.16.1.3-27.el9_3.aarch64.rpm	ea93b15564f8f0460ffa042ceae67fbe	-	ol9_aarch64_appstream
	rpm-plugin-ima-4.16.1.3-27.el9_3.aarch64.rpm	e30dd1fe283cb8dc1a4c303210877d86	-	ol9_aarch64_appstream
	rpm-plugin-selinux-4.16.1.3-27.el9_3.aarch64.rpm	d557b4ab31406219da70a56d6b40cb68	-	ol9_aarch64_baseos_latest
	rpm-plugin-syslog-4.16.1.3-27.el9_3.aarch64.rpm	0254225d978ce046e992de92b26299e2	-	ol9_aarch64_appstream
	rpm-plugin-systemd-inhibit-4.16.1.3-27.el9_3.aarch64.rpm	83b730cd70f39aa0b327fb95d37a65fe	-	ol9_aarch64_appstream
	rpm-sign-4.16.1.3-27.el9_3.aarch64.rpm	1dc81b08b9909831746bc7dd7ad95da9	-	ol9_aarch64_baseos_latest
	rpm-sign-libs-4.16.1.3-27.el9_3.aarch64.rpm	e814fbe480ae6f9c66126a900ae8950c	-	ol9_aarch64_baseos_latest

Oracle Linux 9 (x86_64)	rpm-4.16.1.3-27.el9_3.src.rpm	3e034f7a874b55b3b309a4835c7072bd	-	ol9_x86_64_appstream
	rpm-4.16.1.3-27.el9_3.src.rpm	3e034f7a874b55b3b309a4835c7072bd	-	ol9_x86_64_baseos_latest
	python3-rpm-4.16.1.3-27.el9_3.x86_64.rpm	2ac3ae1c4e1c9c3a18aa46f4cbf0c120	-	ol9_x86_64_baseos_latest
	rpm-4.16.1.3-27.el9_3.x86_64.rpm	ac7b59ab9f83491c6865bce589106b92	-	ol9_x86_64_baseos_latest
	rpm-apidocs-4.16.1.3-27.el9_3.noarch.rpm	ecc4721dec56305c250f69d100f96141	-	ol9_x86_64_appstream
	rpm-build-4.16.1.3-27.el9_3.x86_64.rpm	2b8be20f64ea7e896d11cdf0b8ea240d	-	ol9_x86_64_appstream
	rpm-build-libs-4.16.1.3-27.el9_3.i686.rpm	5efa3e8ce33d990604aa730bd06c6a9b	-	ol9_x86_64_baseos_latest
	rpm-build-libs-4.16.1.3-27.el9_3.x86_64.rpm	d65b5a0cd21449024e691b10070c4951	-	ol9_x86_64_baseos_latest
	rpm-cron-4.16.1.3-27.el9_3.noarch.rpm	67ee2fc958c03ab1d9f9c17f042756ea	-	ol9_x86_64_appstream
	rpm-devel-4.16.1.3-27.el9_3.i686.rpm	d86778e90b91fc75827686fd9fdc4a4f	-	ol9_x86_64_appstream
	rpm-devel-4.16.1.3-27.el9_3.x86_64.rpm	b5ab8f3ffd6eaf244affa5ebde402609	-	ol9_x86_64_appstream
	rpm-libs-4.16.1.3-27.el9_3.i686.rpm	c14978aeca6014c7b0e5756f44cd0e27	-	ol9_x86_64_baseos_latest
	rpm-libs-4.16.1.3-27.el9_3.x86_64.rpm	9944092e5f17e70b55ced278156bcc08	-	ol9_x86_64_baseos_latest
	rpm-plugin-audit-4.16.1.3-27.el9_3.x86_64.rpm	bec47e486a240b3d6344ee7ca06fba0d	-	ol9_x86_64_baseos_latest
	rpm-plugin-fapolicyd-4.16.1.3-27.el9_3.x86_64.rpm	70754693d6f99a978d2c8f875eace2fa	-	ol9_x86_64_appstream
	rpm-plugin-ima-4.16.1.3-27.el9_3.x86_64.rpm	04007d00181f8654540b2b76d4cced50	-	ol9_x86_64_appstream
	rpm-plugin-selinux-4.16.1.3-27.el9_3.x86_64.rpm	77ef7f872674d08228ffb05dbc8bd2e8	-	ol9_x86_64_baseos_latest
	rpm-plugin-syslog-4.16.1.3-27.el9_3.x86_64.rpm	35d458c5c6b245e284d1c71df915db7d	-	ol9_x86_64_appstream
	rpm-plugin-systemd-inhibit-4.16.1.3-27.el9_3.x86_64.rpm	f193f44156c993e2b51eea6511ffc949	-	ol9_x86_64_appstream
	rpm-sign-4.16.1.3-27.el9_3.x86_64.rpm	de0ae3bc15221e685db82845289b0aa6	-	ol9_x86_64_baseos_latest
	rpm-sign-libs-4.16.1.3-27.el9_3.i686.rpm	9406d466610c45ebc3cf2be1205840c5	-	ol9_x86_64_baseos_latest
	rpm-sign-libs-4.16.1.3-27.el9_3.x86_64.rpm	0f7525c77d1666e6f22adc0c8c112819	-	ol9_x86_64_baseos_latest

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691