What Are You Looking For?

Sign Up
Date:         Thu, 14 Aug 2008 14:58:31 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for yum-rhn-plugin on SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: yum-rhn-plugin security update
Issue date:	2008-08-14
CVE Names:	CVE-2008-3270

It was discovered that yum-rhn-plugin did not verify the SSL certificate
for all communication with a Red Hat Network server. An attacker able to
redirect the network communication between a victim and an RHN server could
use this flaw to provide malicious repository metadata. This metadata could
be used to block the victim from receiving specific security updates.
(CVE-2008-3270)

SL 5.x

    SRPMS:
yum-rhn-plugin-0.5.3-12.el5_2.9.src.rpm
    i386:
yum-rhn-plugin-0.5.3-12.el5_2.9.noarch.rpm
    x86_64:
yum-rhn-plugin-0.5.3-12.el5_2.9.noarch.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2008-3270 yum-rhn-plugin SL5.x i386/x86_64

Moderate: yum-rhn-plugin security update

Summary

Date:         Thu, 14 Aug 2008 14:58:31 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA for yum-rhn-plugin on SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Moderate: yum-rhn-plugin security updateIssue date:	2008-08-14CVE Names:	CVE-2008-3270It was discovered that yum-rhn-plugin did not verify the SSL certificatefor all communication with a Red Hat Network server. An attacker able toredirect the network communication between a victim and an RHN server coulduse this flaw to provide malicious repository metadata. This metadata couldbe used to block the victim from receiving specific security updates.(CVE-2008-3270)SL 5.x    SRPMS:yum-rhn-plugin-0.5.3-12.el5_2.9.src.rpm    i386:yum-rhn-plugin-0.5.3-12.el5_2.9.noarch.rpm    x86_64:yum-rhn-plugin-0.5.3-12.el5_2.9.noarch.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Kali vs. ParrotOS: 2 Versatile Linux Distros for Security Pros

Dec 9, 2023

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo