This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
The remote Fedora host is missing a security update.
- Upstream yum recently changed the behaviour when
checking signatures on a package. The commit added a new
configuration key which only affects local packages, but
the key was set by default to False.
- This meant that an end user could install a local
unsigned rpm package using PackageKit without a GPG
trust check, and the user would be told the untrusted
package is itself trusted.
- To exploit this low-impact vulnerability, a user would
have to manually download an unsigned package file and
would still be required to authenticate to install the
- The CVE-ID for this bug is CVE-2011-2515
- See https://bugzilla.redhat.com/show_bug.cgi?id=717566
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
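The description above turns on a yum option for local packages that is off unless it is set explicitly. As an added example (not part of the Fedora advisory or of Tenable's plugin), this Python script reports the effective signature-check settings in a yum.conf; the option name `localpkg_gpgcheck` is taken from yum's documentation rather than from this page, and the sample configurations are constructed.

```python
import configparser

# Boolean spellings treated as "enabled" (helper for this example, not yum's own parser).
_TRUE = {"1", "true", "yes", "on"}

def effective_gpg_settings(yum_conf_text):
    """Return the effective [main] gpgcheck / localpkg_gpgcheck values.

    An absent key counts as False, matching the default the advisory
    describes for the local-package key.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(yum_conf_text)
    main = parser["main"] if parser.has_section("main") else {}

    def flag(key):
        return str(main.get(key, "0")).strip().lower() in _TRUE

    return {"gpgcheck": flag("gpgcheck"),
            "localpkg_gpgcheck": flag("localpkg_gpgcheck")}

def audit(yum_conf_text):
    """List the signature-check gaps found in a yum.conf body."""
    settings = effective_gpg_settings(yum_conf_text)
    findings = []
    if not settings["gpgcheck"]:
        findings.append("gpgcheck is off: repository packages are not signature-checked")
    if not settings["localpkg_gpgcheck"]:
        findings.append("localpkg_gpgcheck is off or unset: "
                        "local .rpm files are not signature-checked")
    return findings

# Constructed sample: repository checks on, local-package key never mentioned.
SAMPLE_DEFAULT = "[main]\ncachedir=/var/cache/yum\ngpgcheck=1\nplugins=1\n"
# Constructed sample: both checks enabled explicitly.
SAMPLE_HARDENED = "[main]\ngpgcheck=1\nlocalpkg_gpgcheck=1\n"

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text) or "no gaps found")
```

On a real host, pass the contents of `/etc/yum.conf` to `audit()`. This check looks only at yum's own configuration and does not replace the PackageKit update.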
See also :
Solution :
Update the affected PackageKit package.
Risk factor :
Low / CVSS Base Score : 1.5