yum-updatesd (SL5)

Synopsis: Important: yum-updatesd security update
Advisory ID: SLSA-2014:1004-1
Issue Date: 2014-08-05
CVE Numbers: CVE-2014-0022

It was discovered that yum-updatesd did not properly perform RPM package
signature checks. When yum-updatesd was configured to automatically
install updates, a remote attacker could use this flaw to install a
malicious update on the target system using an unsigned RPM or an RPM
signed with an untrusted key. (CVE-2014-0022)

After installing this update, the yum-updatesd service will be restarted


– Scientific Linux Development Team