Test ID:	1.3.6.1.4.1.25623.1.1.2.2023.1335
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-1335)
Summary:	The remote host is missing an update for the Huawei EulerOS 'rpm' package(s) announced via the EulerOS-SA-2023-1335 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'rpm' package(s) announced via the EulerOS-SA-2023-1335 advisory. Vulnerability Insight: There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a 'binding signature.' RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources.(CVE-2021-3521) Affected Software/OS: 'rpm' package(s) on Huawei EulerOS V2.0SP8. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:L/AC:H/Au:N/C:N/I:C/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-3521 GLSA-202210-22 https://security.gentoo.org/glsa/202210-22 https://access.redhat.com/security/cve/CVE-2021-3521 https://bugzilla.redhat.com/show_bug.cgi?id=1941098 https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8 https://github.com/rpm-software-management/rpm/pull/1795/
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.