rpm-ostree & rpm-ostree-client fail to check GPG signatures, leading to acceptance of unsigned or badly signed packages. Partially mitigated on RHEL Atomic Host.
Reporter | Title | Published | Views | Family All 13 |
---|---|---|---|---|
![]() | CVE-2017-2623 | 3 Mar 201700:18 | – | redhatcve |
![]() | RHEL 7 : rpm-ostree and rpm-ostree-client (RHSA-2017:0444) | 6 Mar 201700:00 | – | nessus |
![]() | Fedora 24 : rpm-ostree (2017-788129b61c) | 22 Mar 201700:00 | – | nessus |
![]() | Fedora 25 : rpm-ostree (2017-003fa5648c) | 21 Mar 201700:00 | – | nessus |
![]() | Fedora Update for rpm-ostree FEDORA-2017-003fa5648c | 21 Mar 201700:00 | – | openvas |
![]() | Fedora Update for rpm-ostree FEDORA-2017-788129b61c | 21 Mar 201700:00 | – | openvas |
![]() | CVE-2017-2623 | 27 Jul 201818:00 | – | cvelist |
![]() | [SECURITY] Fedora 24 Update: rpm-ostree-2017.3-2.fc24 | 21 Mar 201702:50 | – | fedora |
![]() | [SECURITY] Fedora 25 Update: rpm-ostree-2017.3-2.fc25 | 21 Mar 201703:22 | – | fedora |
![]() | Default credentials | 27 Jul 201818:29 | – | prion |
[
{
"product": "rpm-ostree,",
"vendor": "Project Atomic",
"versions": [
{
"status": "affected",
"version": "2017.3"
}
]
}
]
Source | Link |
---|---|
bugzilla | www.bugzilla.redhat.com/show_bug.cgi |
access | www.access.redhat.com/errata/RHSA-2017:0444 |
securityfocus | www.securityfocus.com/bid/96558 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo