← Back

Rpm Ostree

rpm-ostree

Vendor: Rpm Ostree • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2017-2623
2Redhat
Rpm Ostree
3Enterprise Linux
Rpm OstreeRpm Ostree Client
Nov 21, 2024
Jul 27, 2018
N/A· v4
5.3 MEDIUM· v3
4.3 MEDIUM· v2
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as exp...Show more
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default.Show less