yum security update

CentOS Errata and Security Advisory CESA-2018:2284

The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use.

Security Fix(es):

• yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2018-August/085138.html

Affected packages:
yum-NetworkManager-dispatcher
yum-plugin-aliases
yum-plugin-auto-update-debug-info
yum-plugin-changelog
yum-plugin-fastestmirror
yum-plugin-filter-data
yum-plugin-fs-snapshot
yum-plugin-keys
yum-plugin-list-data
yum-plugin-local
yum-plugin-merge-conf
yum-plugin-ovl
yum-plugin-post-transaction-actions
yum-plugin-priorities
yum-plugin-protectbase
yum-plugin-ps
yum-plugin-remove-with-leaves
yum-plugin-rpm-warm-cache
yum-plugin-security
yum-plugin-show-leaves
yum-plugin-tmprepo
yum-plugin-tsflags
yum-plugin-upgrade-helper
yum-plugin-verify
yum-plugin-versionlock
yum-updateonboot
yum-utils

Upstream details at:
https://access.redhat.com/errata/RHSA-2018:2284