Distribution's token authentication allows to inject an untrusted signing key in a JWT

Impact Systems running registry version 3.0.0-beta.1 with token authentication enabled. Patches Update to at least v3.0.0-rc.3 Workarounds There is no way to work around this issue without patching if your system requires token authentication. References The issue lies in how the JWK verification...

OpenSSL Security Vulnerabilities

OpenSSL is an open source capable general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

Insecure Signature

rpm has insecure signature. The vulnerability exists due to an untrusted RPM or public key...

Scientific Linux Security Update : yum-updatesd on SL5.x (noarch) (20140805)

It was discovered that yum-updatesd did not properly perform RPM package signature checks. When yum-updatesd was configured to automatically install updates, a remote attacker could use this flaw to install a malicious update on the target system using an unsigned RPM or an RPM signed with an...

Important: Red Hat Security Advisory: yum-updatesd security update

An updated yum-updatesd package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...