redhat-upgrade-tool: Does not check GPG signatures when upgrading versions
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/cve-2014-3585 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3585 | Issue Tracking Vendor Advisory |
Configurations
History
13 Feb 2023, 00:40
Type | Values Removed | Values Added |
---|---|---|
Summary | redhat-upgrade-tool: Does not check GPG signatures when upgrading versions | |
References |
|
02 Feb 2023, 15:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | It was found that the redhat-upgrade-tool did not check GPG signatures on downloaded and installed packages during the upgrade process. |
Information
Published : 2019-11-22 15:15
Updated : 2023-12-10 13:13
NVD link : CVE-2014-3585
Mitre link : CVE-2014-3585
CVE.ORG link : CVE-2014-3585
JSON object : View
Products Affected
redhat
- enterprise_linux
- redhat-upgrade-tool
CWE
CWE-347
Improper Verification of Cryptographic Signature