← back
CVE-2014-0022

CVE-2014-0022

EPSS 2.4%
The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=1052440https://bugzilla.redhat.com/show_bug.cgi?id=1057377http://secunia.com/advisories/56637http://www.securityfocus.com/bid/65119http://yum.baseurl.org/gitweb?p=yum.git%3Ba=commitdiff%3Bh=9df69e5794