Описание
The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.
The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-0022
- https://access.redhat.com/errata/RHSA-2014:1004
- https://access.redhat.com/security/cve/CVE-2014-0022
- https://bugzilla.redhat.com/show_bug.cgi?id=1052440
- https://bugzilla.redhat.com/show_bug.cgi?id=1057377
- http://secunia.com/advisories/56637
- http://www.securityfocus.com/bid/65119
- http://yum.baseurl.org/gitweb?p=yum.git%3Ba=commitdiff%3Bh=9df69e5794
- http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=9df69e5794
Связанные уязвимости
The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.
The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.
The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить целостность защищаемой информации