Scientific Linux Security Update : yum-updatesd on SL5.x (noarch)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing a security update.

Description :

It was discovered that yum-updatesd did not properly perform RPM
package signature checks. When yum-updatesd was configured to
automatically install updates, a remote attacker could use this flaw
to install a malicious update on the target system using an unsigned
RPM or an RPM signed with an untrusted key. (CVE-2014-0022)

After installing this update, the yum-updatesd service will be
restarted automatically.

See also :

http://www.nessus.org/u?2ddfda5f

Solution :

Update the affected yum-updatesd package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 77018 ()

Bugtraq ID:

CVE ID: CVE-2014-0022

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now