Bug 1231800 (CVE-2015-3229) - CVE-2015-3229 spin-kickstarts: Atomic Spin built with remote tree as http instead of https
Summary: CVE-2015-3229 spin-kickstarts: Atomic Spin built with remote tree as http ins...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-3229
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1231287
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-06-15 12:25 UTC by Vasyl Kaigorodov
Modified: 2021-10-21 00:45 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-21 00:45:44 UTC


Attachments (Terms of Use)

Description Vasyl Kaigorodov 2015-06-15 12:25:34 UTC
It was reported that Fedora Atomic updates are trivially vulnerable to a MITM attack.

Upstream fix: https://git.fedorahosted.org/cgit/spin-kickstarts.git/commit/?id=1e408e111008f539c89212a9ca9bb955e2c4f823
Original report: https://bugzilla.redhat.com/show_bug.cgi?id=1231287


Note You need to log in before you can comment on or make changes to this bug.