RPM Package Manager Signature Verification Insufficient User Feedback Weakness

RPM Package Manager Signature Verification Insufficient User Feedback Weakness

Solution:
By passing either '-v' or '-vv' to the rpm utility, detailed signature information will be displayed.

Reportedly, the default behavior of the '-checksig' flag will be modified in RPM 4.1. Version 4.1 is currently under development.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.