Oval Definition:oval:com.redhat.rhsa:def:20193583
Revision Date:2019-11-05Version:642
Title:RHSA-2019:3583: yum security, bug fix, and enhancement update (Moderate)
Description:Yum is a command-line utility that allows the user to check for updates and automatically download and install updated RPM packages. Yum automatically obtains and downloads dependencies, prompting the user for permission as necessary.

  • The following packages have been upgraded to a later upstream version: dnf (4.2.7), dnf-plugins-core (4.0.8), libcomps (0.1.11), libdnf (0.35.1), librepo (1.10.3), libsolv (0.7.4). (BZ#1690288, BZ#1690289, BZ#1690299, BZ#1692402, BZ#1694019, BZ#1697946)

    Security Fix(es):

  • libcomps: use after free when merging two objmrtrees (CVE-2019-3817)

  • libsolv: illegal address access in pool_whatprovides in src/pool.h (CVE-2018-20534)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2018-20534
    CVE-2019-3817
    RHSA-2019:3583
    Platform(s):Red Hat Enterprise Linux 8
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 8 is installed
  • OR Red Hat CoreOS 4 is installed
  • AND
  • libsolv is earlier than 0:0.7.4-3.el8
  • AND libsolv is signed with Red Hat redhatrelease2 key
  • librhsm is earlier than 0:0.0.3-3.el8
  • AND librhsm is signed with Red Hat redhatrelease2 key
  • libcomps is earlier than 0:0.1.11-2.el8
  • AND libcomps is signed with Red Hat redhatrelease2 key
  • libcomps-devel is earlier than 0:0.1.11-2.el8
  • AND libcomps-devel is signed with Red Hat redhatrelease2 key
  • python3-libcomps is earlier than 0:0.1.11-2.el8
  • AND python3-libcomps is signed with Red Hat redhatrelease2 key
  • createrepo_c is earlier than 0:0.11.0-3.el8
  • AND createrepo_c is signed with Red Hat redhatrelease2 key
  • createrepo_c-devel is earlier than 0:0.11.0-3.el8
  • AND createrepo_c-devel is signed with Red Hat redhatrelease2 key
  • createrepo_c-libs is earlier than 0:0.11.0-3.el8
  • AND createrepo_c-libs is signed with Red Hat redhatrelease2 key
  • python3-createrepo_c is earlier than 0:0.11.0-3.el8
  • AND python3-createrepo_c is signed with Red Hat redhatrelease2 key
  • dnf-plugins-core is earlier than 0:4.0.8-3.el8
  • AND dnf-plugins-core is signed with Red Hat redhatrelease2 key
  • python3-dnf-plugin-versionlock is earlier than 0:4.0.8-3.el8
  • AND python3-dnf-plugin-versionlock is signed with Red Hat redhatrelease2 key
  • python3-dnf-plugins-core is earlier than 0:4.0.8-3.el8
  • AND python3-dnf-plugins-core is signed with Red Hat redhatrelease2 key
  • yum-utils is earlier than 0:4.0.8-3.el8
  • AND yum-utils is signed with Red Hat redhatrelease2 key
  • microdnf is earlier than 0:3.0.1-3.el8
  • AND microdnf is signed with Red Hat redhatrelease2 key
  • dnf is earlier than 0:4.2.7-6.el8
  • AND dnf is signed with Red Hat redhatrelease2 key
  • dnf-automatic is earlier than 0:4.2.7-6.el8
  • AND dnf-automatic is signed with Red Hat redhatrelease2 key
  • dnf-data is earlier than 0:4.2.7-6.el8
  • AND dnf-data is signed with Red Hat redhatrelease2 key
  • python3-dnf is earlier than 0:4.2.7-6.el8
  • AND python3-dnf is signed with Red Hat redhatrelease2 key
  • yum is earlier than 0:4.2.7-6.el8
  • AND yum is signed with Red Hat redhatrelease2 key
  • librepo is earlier than 0:1.10.3-3.el8
  • AND librepo is signed with Red Hat redhatrelease2 key
  • python3-librepo is earlier than 0:1.10.3-3.el8
  • AND python3-librepo is signed with Red Hat redhatrelease2 key
  • libdnf is earlier than 0:0.35.1-8.el8
  • AND libdnf is signed with Red Hat redhatrelease2 key
  • python3-hawkey is earlier than 0:0.35.1-8.el8
  • AND python3-hawkey is signed with Red Hat redhatrelease2 key
  • python3-libdnf is earlier than 0:0.35.1-8.el8
  • AND python3-libdnf is signed with Red Hat redhatrelease2 key
  • BACK