Date:         Thu, 14 Aug 2008 14:58:31 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for yum-rhn-plugin on SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: yum-rhn-plugin security update
Issue date:	2008-08-14
CVE Names:	CVE-2008-3270

It was discovered that yum-rhn-plugin did not verify the SSL certificate
for all communication with a Red Hat Network server. An attacker able to
redirect the network communication between a victim and an RHN server could
use this flaw to provide malicious repository metadata. This metadata could
be used to block the victim from receiving specific security updates.
(CVE-2008-3270)

SL 5.x

    SRPMS:
yum-rhn-plugin-0.5.3-12.el5_2.9.src.rpm
    i386:
yum-rhn-plugin-0.5.3-12.el5_2.9.noarch.rpm
    x86_64:
yum-rhn-plugin-0.5.3-12.el5_2.9.noarch.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2008-3270 yum-rhn-plugin SL5.x i386/x86_64

Moderate: yum-rhn-plugin security update

Summary

Date:         Thu, 14 Aug 2008 14:58:31 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA for yum-rhn-plugin on SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Moderate: yum-rhn-plugin security updateIssue date:	2008-08-14CVE Names:	CVE-2008-3270It was discovered that yum-rhn-plugin did not verify the SSL certificatefor all communication with a Red Hat Network server. An attacker able toredirect the network communication between a victim and an RHN server coulduse this flaw to provide malicious repository metadata. This metadata couldbe used to block the victim from receiving specific security updates.(CVE-2008-3270)SL 5.x    SRPMS:yum-rhn-plugin-0.5.3-12.el5_2.9.src.rpm    i386:yum-rhn-plugin-0.5.3-12.el5_2.9.noarch.rpm    x86_64:yum-rhn-plugin-0.5.3-12.el5_2.9.noarch.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News