Red Hat Bugzilla – Bug 983911
redhat-support-tool: lack of package verification
Last modified: 2016-07-03 21:34:38 EDT
src/redhat_support_tool/helpers/yumdownloadhelper.py does not verify repository or package integrity. As a result, there is a potential shell command injection in the package name (see bug 983909), but as we have transport layer protection for the default repositories, this does not seem particularly significant.
Perhaps the -debuginfo package can be installed using debuginfo-install instead (but see bug 676193).
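The following is an added example, not part of the original report and not redhat-support-tool's own code: one way to keep a package name taken from unverified repository metadata from reaching a shell, by checking it against an allow-list and passing it to `yumdownloader` as a separate argv element. It addresses only the injection consequence, not repository or package signature verification. The function names, the allow-list pattern, the length limit and the sample names are assumptions made for illustration.

```python
import re
import subprocess

# Assumption: a conservative allow-list for package names / NEVRA strings.
# The first character must be alphanumeric, so a name can never look like
# a command-line option (leading '-').
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+:-]*")
MAX_NAME_LEN = 256  # assumption: arbitrary sanity limit


def is_safe_package_name(name):
    """Return True only if every character of name is allow-listed."""
    return (
        isinstance(name, str)
        and len(name) <= MAX_NAME_LEN
        and _SAFE_NAME.fullmatch(name) is not None
    )


def build_download_argv(name, destdir):
    """Build the argv list for yumdownloader; reject suspicious names."""
    if not is_safe_package_name(name):
        raise ValueError("refusing suspicious package name: %r" % (name,))
    # Each element is passed to the program as-is; no shell parses it.
    return ["yumdownloader", "--destdir", destdir, name]


def download(name, destdir):
    """Run yumdownloader without a shell and return its exit status."""
    return subprocess.call(build_download_argv(name, destdir))


def partition_names(names):
    """Split names from repository metadata into (accepted, rejected)."""
    accepted = [n for n in names if is_safe_package_name(n)]
    rejected = [n for n in names if not is_safe_package_name(n)]
    return accepted, rejected


# Constructed sample input, standing in for names read from repo metadata.
SAMPLE_NAMES = [
    "kernel-debuginfo-2.6.32-358.el6.x86_64",
    "libstdc++-debuginfo",
    "kernel-debuginfo;id",
    "--installroot=/tmp",
    "glibc debuginfo",
]

if __name__ == "__main__":
    ok, bad = partition_names(SAMPLE_NAMES)
    print("accepted:", ok)
    print("rejected:", bad)
```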