Joined: 12 May 2004
|Posted: Fri Jul 10, 2015 4:26 pm Post subject: [ GLSA 201507-16 ] Portage
|Gentoo Linux Security Advisory
Title: Portage: Man-in-the-middle attack (GLSA 201507-16)
Date: July 10, 2015
A vulnerability in Portage's urlopen function could allow a remote
attacker to conduct a man-in-the-middle attack.
Portage is the package management and distribution system for Gentoo.
Vulnerable: < 18.104.22.168
Unaffected: >= 22.214.171.124
Architectures: All supported architectures
Portage does not verify X.509 SSL certificates properly if HTTPS is
A remote attacker can spoof servers and modify binary package lists via
specially crafted certificates.
There is no known workaround at this time.
All Portage users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/portage-126.96.36.199"