First published: Tue Apr 12 2016
It was found that the spec file generates the RSA keys used for authenticating messages between the server and consumers as a post-installation step, and does so in world-readable directories for a brief moment. Vulnerable code: https://github.com/pulp/pulp/blob/master/pulp.spec#L473-L486 and https://github.com/pulp/pulp/blob/master/pulp.spec#L894-L903
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pulpproject Pulp | <=2.8.2-1 | |
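
The exposure window described above closes when a key file is private from the moment it is created, rather than being tightened after it has been written. The sketch below is an added example, not code from pulp.spec or the Pulp project; `write_private_file`, `exposed_to_others` and the path in the usage comment are hypothetical names.

```shell
#!/bin/sh
# Added illustration; function names and the example path are hypothetical.

# write_private_file DEST CMD [ARGS...]
# Runs CMD with stdout sent to a temp file created mode 0600 next to DEST,
# then renames it into place, so the key material never exists on disk with
# group/other permission bits, whatever the mode of the directory is.
write_private_file() (
    dest=$1
    shift
    umask 077                                   # confined to this subshell
    tmp=$(mktemp "$(dirname "$dest")/.key.XXXXXX") || exit 1
    if "$@" >"$tmp" && [ -s "$tmp" ] && mv -f "$tmp" "$dest"; then
        exit 0
    fi
    rm -f "$tmp"                                # generator failed or wrote nothing
    exit 1
)

# exposed_to_others PATH
# Succeeds when PATH carries any group/other permission bit; use it as a
# post-install or packaging-test assertion on key files.
exposed_to_others() {
    perms=$(ls -ld -- "$1" | cut -c5-10)        # e.g. "r--r--" for 0644
    [ "$perms" != "------" ]
}

# Usage in a scriptlet (openssl genrsa writes the key to stdout):
#   write_private_file /etc/pki/example/rsa.key openssl genrsa 2048
#   exposed_to_others /etc/pki/example/rsa.key && echo "key is exposed" >&2
```

A file written under the default umask and restricted with `chmod` afterwards fails the `exposed_to_others` check during the interval between the two steps, which is the condition this advisory describes.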