Oval Definition:oval:com.redhat.rhsa:def:20182284
Revision Date:2018-07-30Version:635
Title:RHSA-2018:2284: yum-utils security update (Important)
Description:The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use.

Security Fix(es):

  • yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897)

    For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

    Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2018-10897
    RHSA-2018:2284
    RHSA-2018:2284-00
    RHSA-2018:2284-01
    RHSA-2018:2284-02
    Platform(s):Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • yum-NetworkManager-dispatcher is earlier than 0:1.1.30-42.el6_10
  • AND yum-NetworkManager-dispatcher is signed with Red Hat redhatrelease2 key
  • yum-plugin-aliases is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-aliases is signed with Red Hat redhatrelease2 key
  • yum-plugin-auto-update-debug-info is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-auto-update-debug-info is signed with Red Hat redhatrelease2 key
  • yum-plugin-changelog is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-changelog is signed with Red Hat redhatrelease2 key
  • yum-plugin-fastestmirror is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-fastestmirror is signed with Red Hat redhatrelease2 key
  • yum-plugin-filter-data is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-filter-data is signed with Red Hat redhatrelease2 key
  • yum-plugin-fs-snapshot is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-fs-snapshot is signed with Red Hat redhatrelease2 key
  • yum-plugin-keys is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-keys is signed with Red Hat redhatrelease2 key
  • yum-plugin-list-data is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-list-data is signed with Red Hat redhatrelease2 key
  • yum-plugin-local is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-local is signed with Red Hat redhatrelease2 key
  • yum-plugin-merge-conf is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-merge-conf is signed with Red Hat redhatrelease2 key
  • yum-plugin-ovl is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-ovl is signed with Red Hat redhatrelease2 key
  • yum-plugin-post-transaction-actions is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-post-transaction-actions is signed with Red Hat redhatrelease2 key
  • yum-plugin-priorities is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-priorities is signed with Red Hat redhatrelease2 key
  • yum-plugin-protectbase is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-protectbase is signed with Red Hat redhatrelease2 key
  • yum-plugin-ps is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-ps is signed with Red Hat redhatrelease2 key
  • yum-plugin-remove-with-leaves is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-remove-with-leaves is signed with Red Hat redhatrelease2 key
  • yum-plugin-rpm-warm-cache is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-rpm-warm-cache is signed with Red Hat redhatrelease2 key
  • yum-plugin-security is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-security is signed with Red Hat redhatrelease2 key
  • yum-plugin-show-leaves is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-show-leaves is signed with Red Hat redhatrelease2 key
  • yum-plugin-tmprepo is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-tmprepo is signed with Red Hat redhatrelease2 key
  • yum-plugin-tsflags is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-tsflags is signed with Red Hat redhatrelease2 key
  • yum-plugin-upgrade-helper is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-upgrade-helper is signed with Red Hat redhatrelease2 key
  • yum-plugin-verify is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-verify is signed with Red Hat redhatrelease2 key
  • yum-plugin-versionlock is earlier than 0:1.1.30-42.el6_10
  • AND yum-plugin-versionlock is signed with Red Hat redhatrelease2 key
  • yum-updateonboot is earlier than 0:1.1.30-42.el6_10
  • AND yum-updateonboot is signed with Red Hat redhatrelease2 key
  • yum-utils is earlier than 0:1.1.30-42.el6_10
  • AND yum-utils is signed with Red Hat redhatrelease2 key
  • BACK