(RHSA-2019:3583) Moderate: yum security, bug fix, and enhancement update

2019-11-0518:04:04

access.redhat.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.4%

JSON

Yum is a command-line utility that allows the user to check for updates and automatically download and install updated RPM packages. Yum automatically obtains and downloads dependencies, prompting the user for permission as necessary.

The following packages have been upgraded to a later upstream version: dnf (4.2.7), dnf-plugins-core (4.0.8), libcomps (0.1.11), libdnf (0.35.1), librepo (1.10.3), libsolv (0.7.4). (BZ#1690288, BZ#1690289, BZ#1690299, BZ#1692402, BZ#1694019, BZ#1697946)

Security Fix(es):

libcomps: use after free when merging two objmrtrees (CVE-2019-3817)
libsolv: illegal address access in pool_whatprovides in src/pool.h (CVE-2018-20534)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8s390xpython3-libcomps-debuginfo< 0.1.11-2.el8python3-libcomps-debuginfo-0.1.11-2.el8.s390x.rpm
RedHat8ppc64lecreaterepo_c-debuginfo< 0.11.0-3.el8createrepo_c-debuginfo-0.11.0-3.el8.ppc64le.rpm
RedHat8x86_64librepo< 1.10.3-3.el8librepo-1.10.3-3.el8.x86_64.rpm
RedHat8s390xpython3-librepo< 1.10.3-3.el8python3-librepo-1.10.3-3.el8.s390x.rpm
RedHat8aarch64libsolv-debuginfo< 0.7.4-3.el8libsolv-debuginfo-0.7.4-3.el8.aarch64.rpm
RedHat8ppc64lemicrodnf< 3.0.1-3.el8microdnf-3.0.1-3.el8.ppc64le.rpm
RedHat8aarch64libdnf-debuginfo< 0.35.1-8.el8libdnf-debuginfo-0.35.1-8.el8.aarch64.rpm
RedHat8x86_64python3-hawkey< 0.35.1-8.el8python3-hawkey-0.35.1-8.el8.x86_64.rpm
RedHat8aarch64python3-libdnf< 0.35.1-8.el8python3-libdnf-0.35.1-8.el8.aarch64.rpm
RedHat8s390xpython3-createrepo_c-debuginfo< 0.11.0-3.el8python3-createrepo_c-debuginfo-0.11.0-3.el8.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	s390x	python3-libcomps-debuginfo	< 0.1.11-2.el8	python3-libcomps-debuginfo-0.1.11-2.el8.s390x.rpm
RedHat	8	ppc64le	createrepo_c-debuginfo	< 0.11.0-3.el8	createrepo_c-debuginfo-0.11.0-3.el8.ppc64le.rpm
RedHat	8	x86_64	librepo	< 1.10.3-3.el8	librepo-1.10.3-3.el8.x86_64.rpm
RedHat	8	s390x	python3-librepo	< 1.10.3-3.el8	python3-librepo-1.10.3-3.el8.s390x.rpm
RedHat	8	aarch64	libsolv-debuginfo	< 0.7.4-3.el8	libsolv-debuginfo-0.7.4-3.el8.aarch64.rpm
RedHat	8	ppc64le	microdnf	< 3.0.1-3.el8	microdnf-3.0.1-3.el8.ppc64le.rpm
RedHat	8	aarch64	libdnf-debuginfo	< 0.35.1-8.el8	libdnf-debuginfo-0.35.1-8.el8.aarch64.rpm
RedHat	8	x86_64	python3-hawkey	< 0.35.1-8.el8	python3-hawkey-0.35.1-8.el8.x86_64.rpm
RedHat	8	aarch64	python3-libdnf	< 0.35.1-8.el8	python3-libdnf-0.35.1-8.el8.aarch64.rpm
RedHat	8	s390x	python3-createrepo_c-debuginfo	< 0.11.0-3.el8	python3-createrepo_c-debuginfo-0.11.0-3.el8.s390x.rpm