up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote malicious users to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat up2date 3.0.7-1 |
||
redhat up2date 3.1.23-1 |