Scientific Linux Security Update : yum-conf on SL3.x i386/x86_64

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing a security update.

Description :

yum-conf changes are needed for the transition of SL 3 into legacy
mode.

Changes from the old yum-conf

* The files /etc/yum.conf and /etc/cron.daily/yum.cron are not marked
as 'noreplace'. This means that if you have modified /etc/yum.conf or
/etc/cron.daily/yum.cron, your version will be saved as *.rpmsave and
the new version will be put in it's place.

* All the /etc/yum.conf.* files have been removed except yum.conf.309,
yum.conf.30x, and yum.conf.flash

* The yum.conf entries are pointing at /linux/scientific/obsolete/30*,
except for the errata area of /linux/scientific/309/ .

* The yum.cron (/etc/cron.daily/yum.cron) is the yum.cron from
yum-conf-309. It does not point to 309, but has the following changes.

- The yum.cron uses your /etc/yum.conf. If your
/etc/yum.conf has an excludes line already in it, it
adds the entries in /etc/yum.d/yum.cron.excludes. If
your /etc/yum.conf does not have an excludes line, it
adds one, with the entries from /etc/yum.cron.excludes -
It does not use /etc/yum.d/yum.cron.primary or
/etc/yum.d/yum.cron.secondary. You need to put the list
of yum repositories you want yum to go to in
/etc/yum.conf

SL 3.0.1

See also :

http://www.nessus.org/u?72786ae6

Solution :

Update the affected yum-conf package.

Risk factor :

High

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60331 ()

Bugtraq ID:

CVE ID: