Unrated severityNVD Advisory· Published Aug 27, 2003· Updated Apr 16, 2026

CVE-2003-0546

Description

up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.

Affected products

Red Hat/Up2date4 versions
cpe:2.3:a:redhat:up2date:3.0.7-1:*:i386:*:*:*:*:*+ 3 more
- cpe:2.3:a:redhat:up2date:3.0.7-1:*:i386:*:*:*:*:*
- cpe:2.3:a:redhat:up2date:3.0.7-1:*:i386_gnome:*:*:*:*:*
- cpe:2.3:a:redhat:up2date:3.1.23-1:*:i386:*:*:*:*:*
- cpe:2.3:a:redhat:up2date:3.1.23-1:*:i386_gnome:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A631nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000