Unrated severityNVD Advisory· Published Jan 26, 2014· Updated Apr 29, 2026

CVE-2014-0022

Description

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.

Affected products

Baseurl/Yum4 versions
cpe:2.3:a:baseurl:yum:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:baseurl:yum:*:*:*:*:*:*:*:*range: <=3.4.3
- cpe:2.3:a:baseurl:yum:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:baseurl:yum:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:baseurl:yum:3.4.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/56637nvdVendor Advisory
www.securityfocus.com/bid/65119nvd
yum.baseurl.org/gitwebnvd
bugzilla.redhat.com/show_bug.cginvd
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000