yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.
[
{
"product": "yum",
"vendor": "yum",
"versions": [
{
"status": "affected",
"version": "3.4.3"
}
]
}
]