← volver
CVE-2014-0022

CVE-2014-0022

EPSS 2.4%
The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=1052440https://bugzilla.redhat.com/show_bug.cgi?id=1057377http://secunia.com/advisories/56637http://www.securityfocus.com/bid/65119http://yum.baseurl.org/gitweb?p=yum.git%3Ba=commitdiff%3Bh=9df69e5794