UBUNTU-CVE-2014-0022

Source
https://ubuntu.com/security/CVE-2014-0022
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-0022.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-0022
Upstream
  • CVE-2014-0022
Published
2014-01-26T16:58:00Z
Modified
2025-10-24T04:45:06Z
Severity
  • Ubuntu - medium
Summary
[none]
Details

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RPM package signing restriction via an unsigned package.

References

Affected packages

Ubuntu:16.04:LTS / yum

Package

Name
yum
Purl
pkg:deb/ubuntu/yum@3.4.3-3?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*
3.4.3-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "yum",
            "binary_version": "3.4.3-3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-0022.json"

Ubuntu:18.04:LTS / yum

Package

Name
yum
Purl
pkg:deb/ubuntu/yum@3.4.3-3?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*
3.4.3-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "yum",
            "binary_version": "3.4.3-3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-0022.json"