The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate.
oryginał ENAV:N/AC:M/Au:N/C:C/I:C/A:CGentoo Portage
APPGentoo2.1.12
Powiązane podatności
Brak weryfikacji podpisu PGP w Gentoo Portage emerge-webrsync
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which...
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugi...
Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory...
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfil...