1231800 – (CVE-2015-3229) CVE-2015-3229 spin-kickstarts: Atomic Spin built with remote tree as http instead of https

Bug 1231800 (CVE-2015-3229) - CVE-2015-3229 spin-kickstarts: Atomic Spin built with remote tree as http instead of https

Summary: CVE-2015-3229 spin-kickstarts: Atomic Spin built with remote tree as http ins...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-3229
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1231287
Blocks:
TreeView+	depends on / blocked

Reported:	2015-06-15 12:25 UTC by Vasyl Kaigorodov
Modified:	2021-10-21 00:45 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-21 00:45:44 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vasyl Kaigorodov 2015-06-15 12:25:34 UTC

It was reported that Fedora Atomic updates are trivially vulnerable to a MITM attack.

Upstream fix: https://git.fedorahosted.org/cgit/spin-kickstarts.git/commit/?id=1e408e111008f539c89212a9ca9bb955e2c4f823
Original report: https://bugzilla.redhat.com/show_bug.cgi?id=1231287

Note You need to log in before you can comment on or make changes to this bug.