Important CentOS yum-updatesd Update

Metadata

medium
5.0
yum-updatesd-0.9-6.el5_10.noarch.rpm, yum-updatesd-0.9-6.el5_10.src.rpm
CVE-2014-0022
rhn.redhat.com, lists.centos.org
2014-08-05
2017-07-27 19:07
ALAS-2014-315
CVE-2014-0022
2017-04-01 19:08
2017-01-05 20:12

Description


An updated yum-updatesd package that fixes one security issue is now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
Important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The yum-updatesd package provides a daemon which checks for available
updates and can notify you when they are available via email, syslog,
or dbus.

It was discovered that yum-updatesd did not properly perform RPM package
signature checks. When yum-updatesd was configured to automatically install
updates, a remote attacker could use this flaw to install a malicious
update on the target system using an unsigned RPM or an RPM signed with an
untrusted key. (CVE-2014-0022)

All yum-updatesd users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue. After installing
this update, the yum-updatesd service will be restarted automatically.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages, and tells you if any of them are vulnerable.


Affected package information

Release  Package       Patched in
5        yum-updatesd  yum-updatesd-0.9-6.el5_10.noarch.rpm
         yum-updatesd  yum-updatesd-0.9-6.el5_10.src.rpm
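
A version check for the "Patched in" constraint above, as an added example that is not part of the advisory or of Appcanary's tooling: it compares an installed yum-updatesd build against the fixed build with rpm-style segment comparison and reads the daemon config for automatic installation. Assumptions: both builds share the same epoch, the do_update option name comes from the stock yum-updatesd.conf rather than from this page, and the sample config and installed versions are constructed.

```python
import configparser
import re

# Fixed build from the advisory's "Patched in" column: yum-updatesd-0.9-6.el5_10
PATCHED_VERSION, PATCHED_RELEASE = "0.9", "6.el5_10"

def rpmvercmp(a, b):
    """Compare two version/release strings segment by segment, as rpm does."""
    while True:
        # Separators (".", "_", "-") only delimit segments; drop them.
        a = re.sub(r"^[^A-Za-z0-9]+", "", a)
        b = re.sub(r"^[^A-Za-z0-9]+", "", b)
        if not a or not b:
            break
        numeric = a[0] in "0123456789"
        pattern = r"[0-9]+" if numeric else r"[A-Za-z]+"
        seg_a = re.match(pattern, a).group(0)
        match_b = re.match(pattern, b)
        if match_b is None:
            # Segment types differ: a numeric segment is newer than an alphabetic one.
            return 1 if numeric else -1
        seg_b = match_b.group(0)
        a, b = a[len(seg_a):], b[len(seg_b):]
        key_a, key_b = (int(seg_a), int(seg_b)) if numeric else (seg_a, seg_b)
        if key_a != key_b:
            return 1 if key_a > key_b else -1
    # All shared segments equal: the string with segments left over is newer.
    if not a and not b:
        return 0
    return 1 if a else -1

def is_patched(version, release):
    """True if the installed build is at or above the fixed build (same epoch assumed)."""
    result = rpmvercmp(version, PATCHED_VERSION)
    if result == 0:
        result = rpmvercmp(release, PATCHED_RELEASE)
    return result >= 0

def auto_install_enabled(conf_text):
    """True if the daemon config enables automatic installation (do_update, assumed name)."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    return parser.getboolean("main", "do_update", fallback=False)

def exposed(version, release, conf_text):
    """The advisory's condition: unpatched build AND automatic installation on."""
    return not is_patched(version, release) and auto_install_enabled(conf_text)

# Constructed sample config (not taken from a real host).
SAMPLE_CONF = "[main]\nrun_interval = 3600\ndo_update = yes\n"
```

On a host, the inputs would come from rpm -q --qf '%{VERSION} %{RELEASE}' yum-updatesd and the contents of /etc/yum/yum-updatesd.conf.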