SciLinux: CVE-2014-0022 Important: yum-updatesd SL5.x (noarch)
Summary
Important: yum-updatesd security update
Date: Tue, 5 Aug 2014 13:43:50 +0000 Reply-To: scientific-linux-users@listserv.fnal.gov Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Important: yum-updatesd on SL5.x (noarch) MIME-Version: 1.0 Synopsis: Important: yum-updatesd security update Advisory ID: SLSA-2014:1004-1 Issue Date: 2014-08-05 CVE Numbers: CVE-2014-0022 -- It was discovered that yum-updatesd did not properly perform RPM package signature checks. When yum-updatesd was configured to automatically install updates, a remote attacker could use this flaw to install a malicious update on the target system using an unsigned RPM or an RPM signed with an untrusted key. (CVE-2014-0022) After installing this update, the yum-updatesd service will be restarted automatically. -- SL5 noarch yum-updatesd-0.9-6.sl5.noarch.rpm - Scientific Linux Development Team
Important: yum-updatesd security update