vulnerability

Red Hat: CVE-2017-2623: Moderate: rpm-ostree and rpm-ostree-client security, bug fix, and enhancement update (RHSA-2017:0444)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jul 27, 2018	Sep 24, 2018	Mar 3, 2021

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jul 27, 2018

Added

Sep 24, 2018

Modified

Mar 3, 2021

Description

It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default.

Solutions

redhat-upgrade-rpm-ostreeredhat-upgrade-rpm-ostree-clientredhat-upgrade-rpm-ostree-client-debuginforedhat-upgrade-rpm-ostree-debuginfo

References

BID-96558
NVD-CVE-2017-2623
REDHAT-RHSA-2017:0444

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today