7 matches found
Scientific Linux Security Update : yum-updatesd on SL5.x (noarch) (20140805)
It was discovered that yum-updatesd did not properly perform RPM package signature checks. When yum-updatesd was configured to automatically install updates, a remote attacker could use this flaw to install a malicious update on the target system using an unsigned RPM or an RPM signed with an...
CentOS Update for yum-updatesd CESA-2014:1004 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: yum-updatesd security update
An updated yum-updatesd package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
RHEL 5 : yum-updatesd (RHSA-2014:1004)
An updated yum-updatesd package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
RedHat Update for yum-updatesd RHSA-2014:1004-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : yum (ALAS-2014-315)
The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package. C Tenable Network Security, Inc. The descriptive...
CVE-2014-0022
The CVE-2014-0022 issue affects yum 3.4.3 and earlier where installUpdates in yum-cron/yum-cron.py does not correctly handle the return value of sigCheckPkg, allowing an unsigned package to bypass RPM package signing restrictions. This is a remote-codeish risk vector tied to RPM signature checks,...