CVE-2014-0022 Information

Description

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RPM package signing restriction via an unsigned package.

Reference

http://secunia.com/advisories/56637
http://www.securityfocus.com/bid/65119
http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=9df69e5794
https://bugzilla.redhat.com/show_bug.cgi?id=1052440
https://bugzilla.redhat.com/show_bug.cgi?id=1057377

cpe:2.3:a:baseurl:yum:3.4.0:::::::*
cpe:2.3:a:baseurl:yum:3.4.1:::::::*
cpe:2.3:a:baseurl:yum:3.4.2:::::::*
cpe:2.3:a:baseurl:yum::::::::
