Marc Ewing and Erik Troan, two of Red Hat's early programmers, created RPM in 1995. The package management system became the standard way to distribute software for Red Hat Linux-based distributions such as Red Hat Enterprise Linux (RHEL), CentOS Stream, AlmaLinux OS, and Rocky Linux. Unfortunately, it has a severe security flaw at its core.
In March 2021, Dmitry Antipov, a Linux developer at CloudLinux, the company behind AlmaLinux OS, discovered the bug. According to Antipov, RPM would accept RPM packages whose signatures it should have rejected. This meant that unsigned packages, or packages signed with revoked keys, could be silently patched or updated without any warning, even though they were not legitimate.
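The failure mode described above is a package being accepted with no valid, currently trusted signature. As an added illustration (not code from RPM or from the ZDNet report), the function below parses `rpm -Kv` output and only calls a package trusted when every signature verifies against a key ID on an explicit operator allowlist, so an unsigned package or one signed with a key that has since been dropped from the list is flagged instead of passing quietly. The `rpm -Kv` line format and the sample output are assumptions constructed for this example.

```python
import re

# Assumed rpm 4.x `-Kv` line shapes: "    V4 RSA/SHA256 Signature, key ID 2f86d6a1: OK", "    MD5 digest: OK"
SIG_RE = re.compile(r"Signature, key ID ([0-9a-f]+): (\w+)", re.IGNORECASE)
DIGEST_RE = re.compile(r"digest: (\w+)", re.IGNORECASE)

def classify_rpm_check(output, trusted_key_ids):
    """Map each package in `rpm -Kv` output to 'trusted', 'unsigned', 'untrusted-key',
    'bad-signature' or 'corrupt'. Trusted requires every signature OK AND its key on the allowlist."""
    verdicts, package, sigs, digests = {}, None, [], []

    def finish():                      # emit the verdict for the block parsed so far
        if package is None:
            return
        statuses = [s.upper() for _, s in sigs]
        if "BAD" in (d.upper() for d in digests):
            verdicts[package] = "corrupt"          # header/payload digest mismatch
        elif not sigs:
            verdicts[package] = "unsigned"         # no OpenPGP signature at all
        elif "BAD" in statuses:
            verdicts[package] = "bad-signature"
        elif "NOKEY" in statuses or any(k.lower() not in trusted_key_ids for k, _ in sigs):
            verdicts[package] = "untrusted-key"    # unknown, or no longer on the allowlist
        else:
            verdicts[package] = "trusted"

    for line in output.splitlines():
        if line and not line[0].isspace() and line.endswith(":"):
            finish()                   # a non-indented "name.rpm:" line starts a new block
            package, sigs, digests = line[:-1], [], []
            continue
        m = SIG_RE.search(line)
        if m:
            sigs.append((m.group(1), m.group(2)))
        elif (m := DIGEST_RE.search(line)):
            digests.append(m.group(1))
    finish()
    return verdicts

# Constructed sample output: a good package, an unsigned one, and one signed with a stale key.
SAMPLE_OUTPUT = """\
good-1.0-1.x86_64.rpm:
    Header V4 RSA/SHA256 Signature, key ID 2f86d6a1: OK
    V4 RSA/SHA256 Signature, key ID 2f86d6a1: OK
    MD5 digest: OK
unsigned-1.0-1.x86_64.rpm:
    MD5 digest: OK
oldkey-1.0-1.x86_64.rpm:
    V4 RSA/SHA256 Signature, key ID deadbeef: OK
    MD5 digest: OK
"""
TRUSTED_KEY_IDS = {"2f86d6a1"}   # constructed allowlist; a revoked key is simply removed from it
```

Feeding real `rpm -Kv *.rpm` output into `classify_rpm_check` with the distribution's current signing key IDs gives a gate that does not depend on RPM's own revocation handling.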
To Read More: ZDNet