vulnerability

CentOS Linux: CVE-2017-2623: Moderate: rpm-ostree and rpm-ostree-client security, bug fix, and enhancement update (CESA-2017:0444)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jul 27, 2018	Aug 28, 2019	May 25, 2023

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jul 27, 2018

Added

Aug 28, 2019

Modified

May 25, 2023

Description

It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default.

Solution(s)

centos-upgrade-rpm-ostreecentos-upgrade-rpm-ostree-clientcentos-upgrade-rpm-ostree-client-debuginfocentos-upgrade-rpm-ostree-debuginfo

References

BID-96558
NVD-CVE-2017-2623
REDHAT-RHSA-2017:0444

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today