Synopsis: Important: yum-updatesd security update
Advisory ID: SLSA-2014:1004-1
Issue Date: 2014-08-05
CVE Numbers: CVE-2014-0022
—
It was discovered that yum-updatesd did not properly perform RPM package
signature checks. When yum-updatesd was configured to automatically
install updates, a remote attacker could use this flaw to install a
malicious update on the target system using an unsigned RPM or an RPM
signed with an untrusted key. (CVE-2014-0022)
After installing this update, the yum-updatesd service will be restarted
automatically.
—
SL5
noarch
yum-updatesd-0.9-6.sl5.noarch.rpm
– Scientific Linux Development Team
