On Thu, Jan 15, 2009 at 8:42 AM, Sam Folk-Williams <[email protected]> wrote:
> Hi,
>
> Thanks for highlighting these Yum issues. I'd like to get as much of this
> info as I can into our Knowledge base.
>
> It looks like several people on the list have hit the bug mentioned (448012)
>
> For that issue, we've put together this kbase:
> http://kbase.redhat.com/faq/docs/DOC-15495

Sam,

But if we downgrade to yum-rhn-plugin-0.5.2-3.el5.noarch.rpm then we are open to the following security vulnerability:

"It was discovered that yum-rhn-plugin did not verify the SSL certificate for all communication with a Red Hat Network server. An attacker able to redirect the network communication between a victim and an RHN server could use this flaw to provide malicious repository metadata. This metadata could be used to block the victim from receiving specific security updates. (CVE-2008-3270)"

How about patching the current version and letting us update? I'm sure there's strict protocol that isn't allowing Red Hat to do this, but it seems a little backwards to downgrade, open a vulnerability, to fix a bug.

And if you don't want to downgrade, then wait till 5.3 comes out......

I do appreciate you communicating with us.

Thanks,
Kent
