Описание
ELSA-2018-2284: yum-utils security update (IMPORTANT)
[1.1.30-42.0.1]
- add dependency btrfs-progs for yum-plugin-fs-snapshot (guangyu.sun@oracle.com) [bug 16285176]
- use unified btrfs binary instead of btrfsctl (guangyu.sun@oracle.com) [bug 16285176]
[-1.1.30-42]
- reposync: prevent path traversal.
- Resolves: bug#1600619
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
yum-NetworkManager-dispatcher
1.1.30-42.0.1.el6_10
yum-plugin-aliases
1.1.30-42.0.1.el6_10
yum-plugin-auto-update-debug-info
1.1.30-42.0.1.el6_10
yum-plugin-changelog
1.1.30-42.0.1.el6_10
yum-plugin-fastestmirror
1.1.30-42.0.1.el6_10
yum-plugin-filter-data
1.1.30-42.0.1.el6_10
yum-plugin-fs-snapshot
1.1.30-42.0.1.el6_10
yum-plugin-keys
1.1.30-42.0.1.el6_10
yum-plugin-list-data
1.1.30-42.0.1.el6_10
yum-plugin-local
1.1.30-42.0.1.el6_10
yum-plugin-merge-conf
1.1.30-42.0.1.el6_10
yum-plugin-ovl
1.1.30-42.0.1.el6_10
yum-plugin-post-transaction-actions
1.1.30-42.0.1.el6_10
yum-plugin-priorities
1.1.30-42.0.1.el6_10
yum-plugin-protectbase
1.1.30-42.0.1.el6_10
yum-plugin-ps
1.1.30-42.0.1.el6_10
yum-plugin-remove-with-leaves
1.1.30-42.0.1.el6_10
yum-plugin-rpm-warm-cache
1.1.30-42.0.1.el6_10
yum-plugin-security
1.1.30-42.0.1.el6_10
yum-plugin-show-leaves
1.1.30-42.0.1.el6_10
yum-plugin-tmprepo
1.1.30-42.0.1.el6_10
yum-plugin-tsflags
1.1.30-42.0.1.el6_10
yum-plugin-upgrade-helper
1.1.30-42.0.1.el6_10
yum-plugin-verify
1.1.30-42.0.1.el6_10
yum-plugin-versionlock
1.1.30-42.0.1.el6_10
yum-updateonboot
1.1.30-42.0.1.el6_10
yum-utils
1.1.30-42.0.1.el6_10
Oracle Linux i686
yum-NetworkManager-dispatcher
1.1.30-42.0.1.el6_10
yum-plugin-aliases
1.1.30-42.0.1.el6_10
yum-plugin-auto-update-debug-info
1.1.30-42.0.1.el6_10
yum-plugin-changelog
1.1.30-42.0.1.el6_10
yum-plugin-fastestmirror
1.1.30-42.0.1.el6_10
yum-plugin-filter-data
1.1.30-42.0.1.el6_10
yum-plugin-fs-snapshot
1.1.30-42.0.1.el6_10
yum-plugin-keys
1.1.30-42.0.1.el6_10
yum-plugin-list-data
1.1.30-42.0.1.el6_10
yum-plugin-local
1.1.30-42.0.1.el6_10
yum-plugin-merge-conf
1.1.30-42.0.1.el6_10
yum-plugin-ovl
1.1.30-42.0.1.el6_10
yum-plugin-post-transaction-actions
1.1.30-42.0.1.el6_10
yum-plugin-priorities
1.1.30-42.0.1.el6_10
yum-plugin-protectbase
1.1.30-42.0.1.el6_10
yum-plugin-ps
1.1.30-42.0.1.el6_10
yum-plugin-remove-with-leaves
1.1.30-42.0.1.el6_10
yum-plugin-rpm-warm-cache
1.1.30-42.0.1.el6_10
yum-plugin-security
1.1.30-42.0.1.el6_10
yum-plugin-show-leaves
1.1.30-42.0.1.el6_10
yum-plugin-tmprepo
1.1.30-42.0.1.el6_10
yum-plugin-tsflags
1.1.30-42.0.1.el6_10
yum-plugin-upgrade-helper
1.1.30-42.0.1.el6_10
yum-plugin-verify
1.1.30-42.0.1.el6_10
yum-plugin-versionlock
1.1.30-42.0.1.el6_10
yum-updateonboot
1.1.30-42.0.1.el6_10
yum-utils
1.1.30-42.0.1.el6_10
Связанные CVE
Связанные уязвимости
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
A directory traversal issue was found in reposync, a part of yum-utils ...
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.