CVE-2016-3696

CVE-2016-3696 concerns Pulp prior to 2.8.5 where the pulp-qpid-ssl-cfg script can leak the CA key to local users. The linked OpenVAS/NVD entries confirm exposure via the pulp-qpid-ssl-cfg handling, with impact limited to confidentiality of the CA key (no broader compromise described). Red Hat adv...

Fedora Update for pulp-ostree FEDORA-2016-4373f7d32a

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 24 : pulp / pulp-docker / pulp-ostree / pulp-puppet / pulp-python / etc (2016-4373f7d32a)

2.8.6 is a security and bugfix release. Included in the list of fixed issues in 2.8.5 are two CVEs : - CVE-2016-3696: Leakage of CA key in pulp-qpid-ssl-cfg - CVE-2016-3704: Unsafe use of bash $RANDOM for NSS DB password and seed Several issues with database migrations are also addressed in this...