3 matches found
GLSA-202409-01 : Portage: Unverified PGP Signatures
The remote host is affected by the vulnerability described in GLSA-202409-01 Portage: Unverified PGP Signatures Multiple vulnerabilities have been discovered in Portage. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...
CVE-2016-20021
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...
CVE-2016-20021
CVE-2016-20021 affects Gentoo Portage prior to 3.0.47, where missing PGP validation of executed code occurs in the webrsync path. The vulnerability arises because the standalone emerge-webrsync downloads a .gpgsig but does not verify its signature, enabling potential tampering if emerge-webrsync ...