Date published: 2014-06-02T11:55:11.683-04:00
Date last modified: 2014-06-03T11:05:31.417-04:00
CVSS Score: 4.3
Principal attack vector: NETWORK
Reference URL: http://rhn.redhat.com/errata/RHSA-2014-0579.html
Summary: OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors.