Unrated severity · NVD Advisory · Published Jul 27, 2018 · Updated Aug 5, 2024
CVE-2017-2623
Description
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default.
Affected products
- Range: 2017.3
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2017:0444 (mitre, vendor-advisory, x_refsource_REDHAT)
- www.securityfocus.com/bid/96558 (mitre, vdb-entry, x_refsource_BID)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)