Red Hat Bugzilla – Bug 1021784
CVE-2013-4455 Katello: node-installer creates world readable private key file
Last modified: 2014-08-29 12:17:55 EDT
Dominic Cleal reports:
/etc/pki/tls/private/katello-node.key is created in the apache::certs class in node-installer when a child Pulp node is deployed.
It contains the private key for the node, that's normally kept in files with 0600 permissions.
Added a patch accidentally to this BZ entry, removed.
This was verified and delivered with Satellite 6 MDP2. Upstream has also been addressed.