Test Kennung:	1.3.6.1.4.1.25623.1.0.881982
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for yum-updatesd CESA-2014:1004 centos5
Zusammenfassung:	The remote host is missing an update for the 'yum-updatesd'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'yum-updatesd' package(s) announced via the referenced advisory. Vulnerability Insight: The yum-updatesd package provides a daemon which checks for available updates and can notify you when they are available via email, syslog, or dbus. It was discovered that yum-updatesd did not properly perform RPM package signature checks. When yum-updatesd was configured to automatically install updates, a remote attacker could use this flaw to install a malicious update on the target system using an unsigned RPM or an RPM signed with an untrusted key. (CVE-2014-0022) All yum-updatesd users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the yum-updatesd service will be restarted automatically. Affected Software/OS: yum-updatesd on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0022 56637 http://secunia.com/advisories/56637 65119 http://www.securityfocus.com/bid/65119 http://yum.baseurl.org/gitweb?p=yum.git%3Ba=commitdiff%3Bh=9df69e5794 https://bugzilla.redhat.com/show_bug.cgi?id=1052440 https://bugzilla.redhat.com/show_bug.cgi?id=1057377
Copyright	Copyright (C) 2014 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.