openstack-heat-templates: multiple vulnerabilities
| Package(s): | openstack-heat-templates | CVE #(s): | CVE-2014-0040 CVE-2014-0041 CVE-2014-0042 |
| Created: | May 30, 2014 | Updated: | June 4, 2014 |
Description: From the Red Hat advisory:

It was discovered that certain heat templates used HTTP to insecurely download packages and signing keys via Yum. An attacker could use this flaw to conduct man-in-the-middle attacks to prevent essential security updates from being installed on the system. (CVE-2014-0040)

It was found that certain heat templates disabled SSL protection for various Yum repositories (sslverify=false). An attacker could use this flaw to conduct man-in-the-middle attacks to prevent essential security updates from being installed on the system. (CVE-2014-0041)

It was discovered that certain heat templates disabled GPG signature checking of packages via Yum (gpgcheck=0). An attacker could use this flaw to conduct man-in-the-middle attacks to install arbitrary packages on the system. (CVE-2014-0042)
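The three settings named in the advisory can be checked mechanically in any Yum repository definition, including one a template writes to disk. The following audit function is an added example, not code from the advisory or from the heat-templates project; the repository names, URLs and sample file body are constructed, and the set of values treated as boolean false is an assumption about Yum's configuration parsing.

```python
import configparser

# Values treated as boolean "false" (assumption about Yum's config parsing).
FALSE_VALUES = {"0", "no", "false"}
# Repo options that carry URLs for package metadata or signing keys.
URL_KEYS = ("baseurl", "mirrorlist", "metalink", "gpgkey")

# Constructed sample: one weak and one hardened repository definition.
SAMPLE = """\
[example-weak]
name=Constructed weak repo
baseurl=http://repo.example.com/el6/
gpgkey=http://repo.example.com/RPM-GPG-KEY-example
sslverify=false
gpgcheck=0

[example-hardened]
name=Constructed hardened repo
baseurl=https://repo.example.com/el6/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
sslverify=true
gpgcheck=1
"""


def audit_repo_text(text):
    """Return (section, cve, detail) findings for the body of a .repo file.

    Only explicitly written settings are checked; inherited defaults are not.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        repo = parser[section]
        # CVE-2014-0040: packages or signing keys fetched over plain HTTP.
        for key in URL_KEYS:
            for url in repo.get(key, "").split():
                if url.lower().startswith("http://"):
                    findings.append((section, "CVE-2014-0040", f"{key}={url}"))
        # CVE-2014-0041 (sslverify off) and CVE-2014-0042 (gpgcheck off).
        for key, cve in (("sslverify", "CVE-2014-0041"), ("gpgcheck", "CVE-2014-0042")):
            value = repo.get(key, "").strip()
            if value.lower() in FALSE_VALUES:
                findings.append((section, cve, f"{key}={value}"))
    return findings


if __name__ == "__main__":
    for finding in audit_repo_text(SAMPLE):
        print(*finding)
```
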
