CVE-2014-0022

Name of the Vulnerable Software and Affected Versions yum versions 3.4.3 and earlier

Description The issue allows remote attackers to bypass the RMP package signing restriction, potentially leading to a violation of protected information integrity. This can be exploited remotely. The installUpdates function in yum-cron/yum-cron.py does not properly check the return value of the sigCheckPkg function, enabling the bypass via an unsigned package.

Recommendations For versions 3.4.3 and earlier, as a temporary workaround, consider disabling the installUpdates function until a patch is available. Restrict access to unsigned packages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.