Описание
ELSA-2018-2285: yum-utils security update (IMPORTANT)
[1.1.31-46.0.1]
- needs-restarting not checking kernel-uek for reboot message [Orabug 27189714]
- add bug27596617.patch to remove upstream URL reference
[1.1.31-46]
- reposync: prevent path traversal.
- Resolves: bug#1600617
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
yum-NetworkManager-dispatcher
1.1.31-46.0.1.el7_5
yum-plugin-aliases
1.1.31-46.0.1.el7_5
yum-plugin-auto-update-debug-info
1.1.31-46.0.1.el7_5
yum-plugin-changelog
1.1.31-46.0.1.el7_5
yum-plugin-copr
1.1.31-46.0.1.el7_5
yum-plugin-fastestmirror
1.1.31-46.0.1.el7_5
yum-plugin-filter-data
1.1.31-46.0.1.el7_5
yum-plugin-fs-snapshot
1.1.31-46.0.1.el7_5
yum-plugin-keys
1.1.31-46.0.1.el7_5
yum-plugin-list-data
1.1.31-46.0.1.el7_5
yum-plugin-local
1.1.31-46.0.1.el7_5
yum-plugin-merge-conf
1.1.31-46.0.1.el7_5
yum-plugin-ovl
1.1.31-46.0.1.el7_5
yum-plugin-post-transaction-actions
1.1.31-46.0.1.el7_5
yum-plugin-pre-transaction-actions
1.1.31-46.0.1.el7_5
yum-plugin-priorities
1.1.31-46.0.1.el7_5
yum-plugin-protectbase
1.1.31-46.0.1.el7_5
yum-plugin-ps
1.1.31-46.0.1.el7_5
yum-plugin-remove-with-leaves
1.1.31-46.0.1.el7_5
yum-plugin-rpm-warm-cache
1.1.31-46.0.1.el7_5
yum-plugin-show-leaves
1.1.31-46.0.1.el7_5
yum-plugin-tmprepo
1.1.31-46.0.1.el7_5
yum-plugin-tsflags
1.1.31-46.0.1.el7_5
yum-plugin-upgrade-helper
1.1.31-46.0.1.el7_5
yum-plugin-verify
1.1.31-46.0.1.el7_5
yum-plugin-versionlock
1.1.31-46.0.1.el7_5
yum-updateonboot
1.1.31-46.0.1.el7_5
yum-utils
1.1.31-46.0.1.el7_5
Oracle Linux x86_64
yum-NetworkManager-dispatcher
1.1.31-46.0.1.el7_5
yum-plugin-aliases
1.1.31-46.0.1.el7_5
yum-plugin-auto-update-debug-info
1.1.31-46.0.1.el7_5
yum-plugin-changelog
1.1.31-46.0.1.el7_5
yum-plugin-copr
1.1.31-46.0.1.el7_5
yum-plugin-fastestmirror
1.1.31-46.0.1.el7_5
yum-plugin-filter-data
1.1.31-46.0.1.el7_5
yum-plugin-fs-snapshot
1.1.31-46.0.1.el7_5
yum-plugin-keys
1.1.31-46.0.1.el7_5
yum-plugin-list-data
1.1.31-46.0.1.el7_5
yum-plugin-local
1.1.31-46.0.1.el7_5
yum-plugin-merge-conf
1.1.31-46.0.1.el7_5
yum-plugin-ovl
1.1.31-46.0.1.el7_5
yum-plugin-post-transaction-actions
1.1.31-46.0.1.el7_5
yum-plugin-pre-transaction-actions
1.1.31-46.0.1.el7_5
yum-plugin-priorities
1.1.31-46.0.1.el7_5
yum-plugin-protectbase
1.1.31-46.0.1.el7_5
yum-plugin-ps
1.1.31-46.0.1.el7_5
yum-plugin-remove-with-leaves
1.1.31-46.0.1.el7_5
yum-plugin-rpm-warm-cache
1.1.31-46.0.1.el7_5
yum-plugin-show-leaves
1.1.31-46.0.1.el7_5
yum-plugin-tmprepo
1.1.31-46.0.1.el7_5
yum-plugin-tsflags
1.1.31-46.0.1.el7_5
yum-plugin-upgrade-helper
1.1.31-46.0.1.el7_5
yum-plugin-verify
1.1.31-46.0.1.el7_5
yum-plugin-versionlock
1.1.31-46.0.1.el7_5
yum-updateonboot
1.1.31-46.0.1.el7_5
yum-utils
1.1.31-46.0.1.el7_5
Связанные CVE
Связанные уязвимости
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
A directory traversal issue was found in reposync, a part of yum-utils ...
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.