First published: Thu Mar 31 2016(Updated: )
It was found that newly generated CA keys by running pulp-gen-ca-certificate (which is run by spec file when pulp is installed) script are insufficiently protected against reading by other users for the time the script runs. Vulnerable code: <a href="https://github.com/pulp/pulp/blob/2.8.0/server/bin/pulp-gen-ca-certificate">https://github.com/pulp/pulp/blob/2.8.0/server/bin/pulp-gen-ca-certificate</a>
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fedoraproject Fedora | =24 | |
Pulpproject Pulp | <=2.8.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.