Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Scientific Linux: SLSA-2014:1004-1 Important Yum-Updatesd Remote Threat

Calendar Aug 05, 2014 User Avatar LinuxSecurity Advisories
1 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory update remote attack important yum-updatesd Scientific Linux
Important: yum-updatesd security update 
Date: Tue, 5 Aug 2014 13:43:50 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: yum-updatesd on SL5.x (noarch)
MIME-Version: 1.0

Synopsis: Important: yum-updatesd security update
Advisory ID: SLSA-2014:1004-1
Issue Date: 2014-08-05
CVE Numbers: CVE-2014-0022
--

It was discovered that yum-updatesd did not properly perform RPM package
signature checks. When yum-updatesd was configured to automatically
install updates, a remote attacker could use this flaw to install a
malicious update on the target system using an unsigned RPM or an RPM
signed with an untrusted key. (CVE-2014-0022)

After installing this update, the yum-updatesd service will be restarted
automatically.
--

SL5
 noarch
 yum-updatesd-0.9-6.sl5.noarch.rpm

- Scientific Linux Development Team
Your message here