LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Important: yum-updatesd security update
Advisory ID:       SLSA-2014:1004-1
Issue Date:        2014-08-05
CVE Numbers:       CVE-2014-0022
--

It was discovered that yum-updatesd did not properly perform RPM package
signature checks. When yum-updatesd was configured to automatically
install updates, a remote attacker could use this flaw to install a
malicious update on the target system using an unsigned RPM or an RPM
signed with an untrusted key. (CVE-2014-0022)

After installing this update, the yum-updatesd service will be restarted
automatically.
--

SL5
  noarch
    yum-updatesd-0.9-6.sl5.noarch.rpm

- Scientific Linux Development Team