CVE-2014-0022

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:baseurl:yum:*:*:*:*:*:*:*:*
cpe:2.3:a:baseurl:yum:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:baseurl:yum:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:baseurl:yum:3.4.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-01-26 16:58

Updated : 2024-02-04 18:35


NVD link : CVE-2014-0022

Mitre link : CVE-2014-0022

CVE.ORG link : CVE-2014-0022


JSON object : View

Products Affected

baseurl

  • yum
CWE
CWE-20

Improper Input Validation