yum security update

ID CESA-2018:2284
Type centos
Reporter CentOS Project
Modified 2018-08-09T15:06:44


CentOS Errata and Security Advisory CESA-2018:2284

The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use.

Security Fix(es):

  • yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2018-August/022976.html

Affected packages:

  • yum-NetworkManager-dispatcher
  • yum-plugin-aliases
  • yum-plugin-auto-update-debug-info
  • yum-plugin-changelog
  • yum-plugin-fastestmirror
  • yum-plugin-filter-data
  • yum-plugin-fs-snapshot
  • yum-plugin-keys
  • yum-plugin-list-data
  • yum-plugin-local
  • yum-plugin-merge-conf
  • yum-plugin-ovl
  • yum-plugin-post-transaction-actions
  • yum-plugin-priorities
  • yum-plugin-protectbase
  • yum-plugin-ps
  • yum-plugin-remove-with-leaves
  • yum-plugin-rpm-warm-cache
  • yum-plugin-security
  • yum-plugin-show-leaves
  • yum-plugin-tmprepo
  • yum-plugin-tsflags
  • yum-plugin-upgrade-helper
  • yum-plugin-verify
  • yum-plugin-versionlock
  • yum-updateonboot
  • yum-utils

Upstream details at: