PT-2003-1060 · Red Hat · Up2Date
Barry Nathan · Published 2003-08-08 · Updated 2017-10-11 · CVE-2003-0546
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
up2date versions 3.0.7 through 3.1.23
Description
The issue stems from improper verification of RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network if that network is compromised. This could compromise the confidentiality, integrity, and availability of protected information. The issue can be exploited remotely.
Recommendations
For up2date versions 3.0.7 through 3.1.23, ensure that RPM GPG signatures are properly verified to prevent the installation of unsigned packages. As a temporary workaround, consider restricting access to the Red Hat Network until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Rpm
Up2Date