hawkey-man-0.63.1-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10934 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z hawkey-man-0.63.1-1.2 on GA media These are all security issues fixed in the hawkey-man-0.63.1-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10934 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10934 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-3445/ SUSE CVE CVE-2021-3445 page openSUSE Tumbleweed hawkey-man-0.63.1-1.2 libdnf-devel-0.63.1-1.2 libdnf-repo-config-zypp-0.63.1-1.2 libdnf2-0.63.1-1.2 python3-hawkey-0.63.1-1.2 python3-libdnf-0.63.1-1.2 hawkey-man-0.63.1-1.2 as a component of openSUSE Tumbleweed libdnf-devel-0.63.1-1.2 as a component of openSUSE Tumbleweed libdnf-repo-config-zypp-0.63.1-1.2 as a component of openSUSE Tumbleweed libdnf2-0.63.1-1.2 as a component of openSUSE Tumbleweed python3-hawkey-0.63.1-1.2 as a component of openSUSE Tumbleweed python3-libdnf-0.63.1-1.2 as a component of openSUSE Tumbleweed A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2021-3445 openSUSE Tumbleweed:hawkey-man-0.63.1-1.2 openSUSE Tumbleweed:libdnf-devel-0.63.1-1.2 openSUSE Tumbleweed:libdnf-repo-config-zypp-0.63.1-1.2 openSUSE Tumbleweed:libdnf2-0.63.1-1.2 openSUSE Tumbleweed:python3-hawkey-0.63.1-1.2 openSUSE Tumbleweed:python3-libdnf-0.63.1-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3445.html CVE-2021-3445 https://bugzilla.suse.com/1183779 SUSE Bug 1183779 https://bugzilla.suse.com/1184501 SUSE Bug 1184501