View Issue Details

IDProjectCategoryView StatusLast Update
0018017CentOS-8-OTHERpublic2021-01-15 10:49
Reportercndc Assigned To 
PriorityurgentSeveritymajorReproducibilityalways
Status newResolutionopen 
Product Version8.3.2011 
Summary0018017: epel-release distribution signed with unknown key - major security impact
Descriptionwarning: /var/lib/mock/epel-8-x86_64/root/var/cache/dnf/epel-59dc218ad097ee72/packages/epel-release-8-10.el8.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY
Steps To ReproduceRun this:-

mock -r epel-8-x86_64 --init
Additional InformationUnknown keys mean anyone/any mirror can inject their own malware-ridden versions to get total compromise of victim systems
Tagssecurity

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2021-01-15 10:49 cndc New Issue
2021-01-15 10:49 cndc Tag Attached: security