CVE-2014-0022
N/A
N/A
Summary
The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/65119
- http://yum.baseurl.org/gitweb?p=yum.git%3Ba=commitdiff%3Bh=9df69e5794
- http://secunia.com/advisories/56637
- https://bugzilla.redhat.com/show_bug.cgi?id=1052440
- https://bugzilla.redhat.com/show_bug.cgi?id=1057377
References
- http://www.securityfocus.com/bid/65119
- http://yum.baseurl.org/gitweb?p=yum.git%3Ba=commitdiff%3Bh=9df69e5794
- http://secunia.com/advisories/56637
- https://bugzilla.redhat.com/show_bug.cgi?id=1052440
- https://bugzilla.redhat.com/show_bug.cgi?id=1057377
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.