7 matches found
CVE-2017-2623
The CVE-2017-2623 issue affects rpm-ostree and rpm-ostree-client older than 2017.3, where GPG signatures on layered packages were not checked properly. This could allow unsigned or poorly signed content to be accepted instead of rejected. The severity and impact are described in multiple sources ...
CVE-2017-2623
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certifica...
Fedora 24 : rpm-ostree (2017-788129b61c)
https://github.com/projectatomic/rpm-ostree/releases/tag/v2017.3 This release includes a fix for CVE-2017-2623. There are a few new features, such as systemctl reload rpm-ostreed now being supported. Some bugfixes such as memory leak fixes. Besides that, there's a lot of internal refactoring goin...
Fedora 25 : rpm-ostree (2017-003fa5648c)
https://github.com/projectatomic/rpm-ostree/releases/tag/v2017.3 This release includes a fix for CVE-2017-2623. There are a few new features, such as systemctl reload rpm-ostreed now being supported. Some bugfixes such as memory leak fixes. Besides that, there's a lot of internal refactoring goin...
Fedora Update for rpm-ostree FEDORA-2017-003fa5648c
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : rpm-ostree and rpm-ostree-client (RHSA-2017:0444)
An update for rpm-ostree and rpm-ostree-client is now available for Red Hat Enterprise Linux Atomic Host 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2017-2623
It was discovered that rpm-ostree and rpm-ostree-client fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is...