The RPM Package Manager is a command line utility for creating, installing and managing RPM packages. It is available for a wide range of Linux systems. The rpm standard includes support for cryptographic signing of packages. A weakness in the interface of the rpm command may allow packages signed by malicious parties to escape the attention of the user verifying signatures. By default, the '--checksig' command will only verify that the signature is valid for some party trusted by the end user. Information on who has signed the package is not displayed. Detailed feedback is displayed if rpm is invoked with the '-v' or '-vv' flag.
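The check the default output omits can be scripted from the verbose output, as an added example (not part of the original advisory or of rpm itself): it extracts the signing key IDs and fails unless every signature is good and made by the one key the user expects. The verbose line format (`... Signature, key ID <hex>: OK`), the helper names, and the key ID `0123abcd` are assumptions; the sample output is constructed.

```shell
#!/bin/sh
# Added example: confirm WHO signed a package, not only that some trusted key did.
# Assumption: verbose output has lines like
#   "Header V4 RSA/SHA256 Signature, key ID 0123abcd: OK"
# (other rpm releases may word these lines differently).

# Print the lower-cased key ID of every signature line reported OK on stdin.
signer_key_ids() {
    sed -n 's/.*[Ss]ignature, key ID \([0-9A-Fa-f]*\): OK$/\1/p' |
        tr 'A-F' 'a-f' | sort -u
}

# check_signer EXPECTED_KEY_ID   (verbose rpm output on stdin)
# 0 = all signatures good and from the expected key
# 1 = a good signature from a different key
# 2 = no signature at all, or a signature that did not verify (NOKEY, BAD, ...)
check_signer() {
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    out=$(cat)
    if printf '%s\n' "$out" | grep -i 'signature, key ID' | grep -qv ': OK$'; then
        echo "a signature did not verify" >&2; return 2
    fi
    ids=$(printf '%s\n' "$out" | signer_key_ids)
    [ -n "$ids" ] || { echo "no verified signature found" >&2; return 2; }
    for id in $ids; do
        if [ "$id" != "$expected" ]; then
            echo "signed by unexpected key $id" >&2; return 1
        fi
    done
    return 0
}

# Constructed sample of verbose output (hypothetical package and key ID).
SAMPLE_GOOD='pkg-1.0-1.x86_64.rpm:
    Header V4 RSA/SHA256 Signature, key ID 0123abcd: OK
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA256 Signature, key ID 0123abcd: OK'

printf '%s\n' "$SAMPLE_GOOD" | check_signer 0123abcd && echo "signer matches"

# Against a real package:
#   rpm -v --checksig pkg.rpm | check_signer <expected key id>
```

A package signed by any other key in the user's trusted set returns 1 here, which is the case the non-verbose '--checksig' result does not distinguish.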