SciLinux: CVE-2008-3270 yum-rhn-plugin SL5.x i386/x86_64
Summary
Date: Thu, 14 Aug 2008 14:58:31 -0500Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA for yum-rhn-plugin on SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov" Synopsis: Moderate: yum-rhn-plugin security updateIssue date: 2008-08-14CVE Names: CVE-2008-3270It was discovered that yum-rhn-plugin did not verify the SSL certificatefor all communication with a Red Hat Network server. An attacker able toredirect the network communication between a victim and an RHN server coulduse this flaw to provide malicious repository metadata. This metadata couldbe used to block the victim from receiving specific security updates.(CVE-2008-3270)SL 5.x SRPMS:yum-rhn-plugin-0.5.3-12.el5_2.9.src.rpm i386:yum-rhn-plugin-0.5.3-12.el5_2.9.noarch.rpm x86_64:yum-rhn-plugin-0.5.3-12.el5_2.9.noarch.rpm-Connie Sieh-Troy Dawson