ESB-2018.2205 - [UNIX/Linux][RedHat] yum-utils: Execute arbitrary code/commands - Remote with user interaction 2018-07-31


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2205
                   Important: yum-utils security update
                               31 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           yum-utils
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
                   Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-10897  

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:2284
   https://access.redhat.com/errata/RHSA-2018:2285

Comment: This bulletin contains two (2) Red Hat security advisories.
         
         This advisory references vulnerabilities in products which run on 
         platforms other than Red Hat. It is recommended that administrators
         running yum-utils check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: yum-utils security update
Advisory ID:       RHSA-2018:2285-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2285
Issue date:        2018-07-30
CVE Names:         CVE-2018-10897 
=====================================================================

1. Summary:

An update for yum-utils is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch
Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch

3. Description:

The yum-utils packages provide a collection of utilities and examples for
the yum package manager to make yum easier and more powerful to use.

Security Fix(es):

* yum-utils: reposync: improper path validation may lead to directory
traversal (CVE-2018-10897)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy
(Clover Network) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1600221 - CVE-2018-10897 yum-utils: reposync: improper path validation may lead to directory traversal

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
yum-utils-1.1.31-46.el7_5.src.rpm

noarch:
yum-plugin-aliases-1.1.31-46.el7_5.noarch.rpm
yum-plugin-changelog-1.1.31-46.el7_5.noarch.rpm
yum-plugin-ovl-1.1.31-46.el7_5.noarch.rpm
yum-plugin-tmprepo-1.1.31-46.el7_5.noarch.rpm
yum-plugin-verify-1.1.31-46.el7_5.noarch.rpm
yum-plugin-versionlock-1.1.31-46.el7_5.noarch.rpm
yum-utils-1.1.31-46.el7_5.noarch.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
yum-NetworkManager-dispatcher-1.1.31-46.el7_5.noarch.rpm
yum-plugin-auto-update-debug-info-1.1.31-46.el7_5.noarch.rpm
yum-plugin-copr-1.1.31-46.el7_5.noarch.rpm
yum-plugin-fastestmirror-1.1.31-46.el7_5.noarch.rpm
yum-plugin-filter-data-1.1.31-46.el7_5.noarch.rpm
yum-plugin-fs-snapshot-1.1.31-46.el7_5.noarch.rpm
yum-plugin-keys-1.1.31-46.el7_5.noarch.rpm
yum-plugin-list-data-1.1.31-46.el7_5.noarch.rpm
yum-plugin-local-1.1.31-46.el7_5.noarch.rpm
yum-plugin-merge-conf-1.1.31-46.el7_5.noarch.rpm
yum-plugin-post-transaction-actions-1.1.31-46.el7_5.noarch.rpm
yum-plugin-pre-transaction-actions-1.1.31-46.el7_5.noarch.rpm
yum-plugin-priorities-1.1.31-46.el7_5.noarch.rpm
yum-plugin-protectbase-1.1.31-46.el7_5.noarch.rpm
yum-plugin-ps-1.1.31-46.el7_5.noarch.rpm
yum-plugin-remove-with-leaves-1.1.31-46.el7_5.noarch.rpm
yum-plugin-rpm-warm-cache-1.1.31-46.el7_5.noarch.rpm
yum-plugin-show-leaves-1.1.31-46.el7_5.noarch.rpm
yum-plugin-tsflags-1.1.31-46.el7_5.noarch.rpm
yum-plugin-upgrade-helper-1.1.31-46.el7_5.noarch.rpm
yum-updateonboot-1.1.31-46.el7_5.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
yum-utils-1.1.31-46.el7_5.src.rpm

noarch:
yum-plugin-aliases-1.1.31-46.el7_5.noarch.rpm
yum-plugin-changelog-1.1.31-46.el7_5.noarch.rpm
yum-plugin-ovl-1.1.31-46.el7_5.noarch.rpm
yum-plugin-tmprepo-1.1.31-46.el7_5.noarch.rpm
yum-plugin-verify-1.1.31-46.el7_5.noarch.rpm
yum-plugin-versionlock-1.1.31-46.el7_5.noarch.rpm
yum-utils-1.1.31-46.el7_5.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
yum-NetworkManager-dispatcher-1.1.31-46.el7_5.noarch.rpm
yum-plugin-auto-update-debug-info-1.1.31-46.el7_5.noarch.rpm
yum-plugin-copr-1.1.31-46.el7_5.noarch.rpm
yum-plugin-fastestmirror-1.1.31-46.el7_5.noarch.rpm
yum-plugin-filter-data-1.1.31-46.el7_5.noarch.rpm
yum-plugin-fs-snapshot-1.1.31-46.el7_5.noarch.rpm
yum-plugin-keys-1.1.31-46.el7_5.noarch.rpm
yum-plugin-list-data-1.1.31-46.el7_5.noarch.rpm
yum-plugin-local-1.1.31-46.el7_5.noarch.rpm
yum-plugin-merge-conf-1.1.31-46.el7_5.noarch.rpm
yum-plugin-post-transaction-actions-1.1.31-46.el7_5.noarch.rpm
yum-plugin-pre-transaction-actions-1.1.31-46.el7_5.noarch.rpm
yum-plugin-priorities-1.1.31-46.el7_5.noarch.rpm
yum-plugin-protectbase-1.1.31-46.el7_5.noarch.rpm
yum-plugin-ps-1.1.31-46.el7_5.noarch.rpm
yum-plugin-remove-with-leaves-1.1.31-46.el7_5.noarch.rpm
yum-plugin-rpm-warm-cache-1.1.31-46.el7_5.noarch.rpm
yum-plugin-show-leaves-1.1.31-46.el7_5.noarch.rpm
yum-plugin-tsflags-1.1.31-46.el7_5.noarch.rpm
yum-plugin-upgrade-helper-1.1.31-46.el7_5.noarch.rpm
yum-updateonboot-1.1.31-46.el7_5.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
yum-utils-1.1.31-46.el7_5.src.rpm

noarch:
yum-plugin-aliases-1.1.31-46.el7_5.noarch.rpm
yum-plugin-changelog-1.1.31-46.el7_5.noarch.rpm
yum-plugin-ovl-1.1.31-46.el7_5.noarch.rpm
yum-plugin-tmprepo-1.1.31-46.el7_5.noarch.rpm
yum-plugin-verify-1.1.31-46.el7_5.noarch.rpm
yum-plugin-versionlock-1.1.31-46.el7_5.noarch.rpm
yum-utils-1.1.31-46.el7_5.noarch.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
yum-utils-1.1.31-46.el7_5.src.rpm

noarch:
yum-plugin-aliases-1.1.31-46.el7_5.noarch.rpm
yum-plugin-changelog-1.1.31-46.el7_5.noarch.rpm
yum-plugin-ovl-1.1.31-46.el7_5.noarch.rpm
yum-plugin-tmprepo-1.1.31-46.el7_5.noarch.rpm
yum-plugin-verify-1.1.31-46.el7_5.noarch.rpm
yum-plugin-versionlock-1.1.31-46.el7_5.noarch.rpm
yum-utils-1.1.31-46.el7_5.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
yum-NetworkManager-dispatcher-1.1.31-46.el7_5.noarch.rpm
yum-plugin-auto-update-debug-info-1.1.31-46.el7_5.noarch.rpm
yum-plugin-copr-1.1.31-46.el7_5.noarch.rpm
yum-plugin-fastestmirror-1.1.31-46.el7_5.noarch.rpm
yum-plugin-filter-data-1.1.31-46.el7_5.noarch.rpm
yum-plugin-fs-snapshot-1.1.31-46.el7_5.noarch.rpm
yum-plugin-keys-1.1.31-46.el7_5.noarch.rpm
yum-plugin-list-data-1.1.31-46.el7_5.noarch.rpm
yum-plugin-local-1.1.31-46.el7_5.noarch.rpm
yum-plugin-merge-conf-1.1.31-46.el7_5.noarch.rpm
yum-plugin-post-transaction-actions-1.1.31-46.el7_5.noarch.rpm
yum-plugin-pre-transaction-actions-1.1.31-46.el7_5.noarch.rpm
yum-plugin-priorities-1.1.31-46.el7_5.noarch.rpm
yum-plugin-protectbase-1.1.31-46.el7_5.noarch.rpm
yum-plugin-ps-1.1.31-46.el7_5.noarch.rpm
yum-plugin-remove-with-leaves-1.1.31-46.el7_5.noarch.rpm
yum-plugin-rpm-warm-cache-1.1.31-46.el7_5.noarch.rpm
yum-plugin-show-leaves-1.1.31-46.el7_5.noarch.rpm
yum-plugin-tsflags-1.1.31-46.el7_5.noarch.rpm
yum-plugin-upgrade-helper-1.1.31-46.el7_5.noarch.rpm
yum-updateonboot-1.1.31-46.el7_5.noarch.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

noarch:
yum-NetworkManager-dispatcher-1.1.31-46.el7_5.noarch.rpm
yum-plugin-auto-update-debug-info-1.1.31-46.el7_5.noarch.rpm
yum-plugin-copr-1.1.31-46.el7_5.noarch.rpm
yum-plugin-fastestmirror-1.1.31-46.el7_5.noarch.rpm
yum-plugin-filter-data-1.1.31-46.el7_5.noarch.rpm
yum-plugin-fs-snapshot-1.1.31-46.el7_5.noarch.rpm
yum-plugin-keys-1.1.31-46.el7_5.noarch.rpm
yum-plugin-list-data-1.1.31-46.el7_5.noarch.rpm
yum-plugin-local-1.1.31-46.el7_5.noarch.rpm
yum-plugin-merge-conf-1.1.31-46.el7_5.noarch.rpm
yum-plugin-post-transaction-actions-1.1.31-46.el7_5.noarch.rpm
yum-plugin-pre-transaction-actions-1.1.31-46.el7_5.noarch.rpm
yum-plugin-priorities-1.1.31-46.el7_5.noarch.rpm
yum-plugin-protectbase-1.1.31-46.el7_5.noarch.rpm
yum-plugin-ps-1.1.31-46.el7_5.noarch.rpm
yum-plugin-remove-with-leaves-1.1.31-46.el7_5.noarch.rpm
yum-plugin-rpm-warm-cache-1.1.31-46.el7_5.noarch.rpm
yum-plugin-show-leaves-1.1.31-46.el7_5.noarch.rpm
yum-plugin-tsflags-1.1.31-46.el7_5.noarch.rpm
yum-plugin-upgrade-helper-1.1.31-46.el7_5.noarch.rpm
yum-updateonboot-1.1.31-46.el7_5.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
yum-utils-1.1.31-46.el7_5.src.rpm

noarch:
yum-plugin-aliases-1.1.31-46.el7_5.noarch.rpm
yum-plugin-changelog-1.1.31-46.el7_5.noarch.rpm
yum-plugin-ovl-1.1.31-46.el7_5.noarch.rpm
yum-plugin-tmprepo-1.1.31-46.el7_5.noarch.rpm
yum-plugin-verify-1.1.31-46.el7_5.noarch.rpm
yum-plugin-versionlock-1.1.31-46.el7_5.noarch.rpm
yum-utils-1.1.31-46.el7_5.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
yum-NetworkManager-dispatcher-1.1.31-46.el7_5.noarch.rpm
yum-plugin-auto-update-debug-info-1.1.31-46.el7_5.noarch.rpm
yum-plugin-copr-1.1.31-46.el7_5.noarch.rpm
yum-plugin-fastestmirror-1.1.31-46.el7_5.noarch.rpm
yum-plugin-filter-data-1.1.31-46.el7_5.noarch.rpm
yum-plugin-fs-snapshot-1.1.31-46.el7_5.noarch.rpm
yum-plugin-keys-1.1.31-46.el7_5.noarch.rpm
yum-plugin-list-data-1.1.31-46.el7_5.noarch.rpm
yum-plugin-local-1.1.31-46.el7_5.noarch.rpm
yum-plugin-merge-conf-1.1.31-46.el7_5.noarch.rpm
yum-plugin-post-transaction-actions-1.1.31-46.el7_5.noarch.rpm
yum-plugin-pre-transaction-actions-1.1.31-46.el7_5.noarch.rpm
yum-plugin-priorities-1.1.31-46.el7_5.noarch.rpm
yum-plugin-protectbase-1.1.31-46.el7_5.noarch.rpm
yum-plugin-ps-1.1.31-46.el7_5.noarch.rpm
yum-plugin-remove-with-leaves-1.1.31-46.el7_5.noarch.rpm
yum-plugin-rpm-warm-cache-1.1.31-46.el7_5.noarch.rpm
yum-plugin-show-leaves-1.1.31-46.el7_5.noarch.rpm
yum-plugin-tsflags-1.1.31-46.el7_5.noarch.rpm
yum-plugin-upgrade-helper-1.1.31-46.el7_5.noarch.rpm
yum-updateonboot-1.1.31-46.el7_5.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-10897
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: yum-utils security update
Advisory ID:       RHSA-2018:2284-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2284
Issue date:        2018-07-30
CVE Names:         CVE-2018-10897 
=====================================================================

1. Summary:

An update for yum-utils is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - noarch
Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

The yum-utils packages provide a collection of utilities and examples for
the yum package manager to make yum easier and more powerful to use.

Security Fix(es):

* yum-utils: reposync: improper path validation may lead to directory
traversal (CVE-2018-10897)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy
(Clover Network) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1600221 - CVE-2018-10897 yum-utils: reposync: improper path validation may lead to directory traversal

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
yum-utils-1.1.30-42.el6_10.src.rpm

noarch:
yum-plugin-aliases-1.1.30-42.el6_10.noarch.rpm
yum-plugin-changelog-1.1.30-42.el6_10.noarch.rpm
yum-plugin-ovl-1.1.30-42.el6_10.noarch.rpm
yum-plugin-security-1.1.30-42.el6_10.noarch.rpm
yum-plugin-tmprepo-1.1.30-42.el6_10.noarch.rpm
yum-plugin-verify-1.1.30-42.el6_10.noarch.rpm
yum-plugin-versionlock-1.1.30-42.el6_10.noarch.rpm
yum-utils-1.1.30-42.el6_10.noarch.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

noarch:
yum-NetworkManager-dispatcher-1.1.30-42.el6_10.noarch.rpm
yum-plugin-auto-update-debug-info-1.1.30-42.el6_10.noarch.rpm
yum-plugin-fastestmirror-1.1.30-42.el6_10.noarch.rpm
yum-plugin-filter-data-1.1.30-42.el6_10.noarch.rpm
yum-plugin-fs-snapshot-1.1.30-42.el6_10.noarch.rpm
yum-plugin-keys-1.1.30-42.el6_10.noarch.rpm
yum-plugin-list-data-1.1.30-42.el6_10.noarch.rpm
yum-plugin-local-1.1.30-42.el6_10.noarch.rpm
yum-plugin-merge-conf-1.1.30-42.el6_10.noarch.rpm
yum-plugin-post-transaction-actions-1.1.30-42.el6_10.noarch.rpm
yum-plugin-priorities-1.1.30-42.el6_10.noarch.rpm
yum-plugin-protectbase-1.1.30-42.el6_10.noarch.rpm
yum-plugin-ps-1.1.30-42.el6_10.noarch.rpm
yum-plugin-remove-with-leaves-1.1.30-42.el6_10.noarch.rpm
yum-plugin-rpm-warm-cache-1.1.30-42.el6_10.noarch.rpm
yum-plugin-show-leaves-1.1.30-42.el6_10.noarch.rpm
yum-plugin-tsflags-1.1.30-42.el6_10.noarch.rpm
yum-plugin-upgrade-helper-1.1.30-42.el6_10.noarch.rpm
yum-updateonboot-1.1.30-42.el6_10.noarch.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
yum-utils-1.1.30-42.el6_10.src.rpm

noarch:
yum-plugin-aliases-1.1.30-42.el6_10.noarch.rpm
yum-plugin-changelog-1.1.30-42.el6_10.noarch.rpm
yum-plugin-ovl-1.1.30-42.el6_10.noarch.rpm
yum-plugin-security-1.1.30-42.el6_10.noarch.rpm
yum-plugin-tmprepo-1.1.30-42.el6_10.noarch.rpm
yum-plugin-verify-1.1.30-42.el6_10.noarch.rpm
yum-plugin-versionlock-1.1.30-42.el6_10.noarch.rpm
yum-utils-1.1.30-42.el6_10.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
yum-NetworkManager-dispatcher-1.1.30-42.el6_10.noarch.rpm
yum-plugin-auto-update-debug-info-1.1.30-42.el6_10.noarch.rpm
yum-plugin-fastestmirror-1.1.30-42.el6_10.noarch.rpm
yum-plugin-filter-data-1.1.30-42.el6_10.noarch.rpm
yum-plugin-fs-snapshot-1.1.30-42.el6_10.noarch.rpm
yum-plugin-keys-1.1.30-42.el6_10.noarch.rpm
yum-plugin-list-data-1.1.30-42.el6_10.noarch.rpm
yum-plugin-local-1.1.30-42.el6_10.noarch.rpm
yum-plugin-merge-conf-1.1.30-42.el6_10.noarch.rpm
yum-plugin-post-transaction-actions-1.1.30-42.el6_10.noarch.rpm
yum-plugin-priorities-1.1.30-42.el6_10.noarch.rpm
yum-plugin-protectbase-1.1.30-42.el6_10.noarch.rpm
yum-plugin-ps-1.1.30-42.el6_10.noarch.rpm
yum-plugin-remove-with-leaves-1.1.30-42.el6_10.noarch.rpm
yum-plugin-rpm-warm-cache-1.1.30-42.el6_10.noarch.rpm
yum-plugin-show-leaves-1.1.30-42.el6_10.noarch.rpm
yum-plugin-tsflags-1.1.30-42.el6_10.noarch.rpm
yum-plugin-upgrade-helper-1.1.30-42.el6_10.noarch.rpm
yum-updateonboot-1.1.30-42.el6_10.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
yum-utils-1.1.30-42.el6_10.src.rpm

noarch:
yum-plugin-aliases-1.1.30-42.el6_10.noarch.rpm
yum-plugin-changelog-1.1.30-42.el6_10.noarch.rpm
yum-plugin-ovl-1.1.30-42.el6_10.noarch.rpm
yum-plugin-security-1.1.30-42.el6_10.noarch.rpm
yum-plugin-tmprepo-1.1.30-42.el6_10.noarch.rpm
yum-plugin-verify-1.1.30-42.el6_10.noarch.rpm
yum-plugin-versionlock-1.1.30-42.el6_10.noarch.rpm
yum-utils-1.1.30-42.el6_10.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

noarch:
yum-NetworkManager-dispatcher-1.1.30-42.el6_10.noarch.rpm
yum-plugin-auto-update-debug-info-1.1.30-42.el6_10.noarch.rpm
yum-plugin-fastestmirror-1.1.30-42.el6_10.noarch.rpm
yum-plugin-filter-data-1.1.30-42.el6_10.noarch.rpm
yum-plugin-fs-snapshot-1.1.30-42.el6_10.noarch.rpm
yum-plugin-keys-1.1.30-42.el6_10.noarch.rpm
yum-plugin-list-data-1.1.30-42.el6_10.noarch.rpm
yum-plugin-local-1.1.30-42.el6_10.noarch.rpm
yum-plugin-merge-conf-1.1.30-42.el6_10.noarch.rpm
yum-plugin-post-transaction-actions-1.1.30-42.el6_10.noarch.rpm
yum-plugin-priorities-1.1.30-42.el6_10.noarch.rpm
yum-plugin-protectbase-1.1.30-42.el6_10.noarch.rpm
yum-plugin-ps-1.1.30-42.el6_10.noarch.rpm
yum-plugin-remove-with-leaves-1.1.30-42.el6_10.noarch.rpm
yum-plugin-rpm-warm-cache-1.1.30-42.el6_10.noarch.rpm
yum-plugin-show-leaves-1.1.30-42.el6_10.noarch.rpm
yum-plugin-tsflags-1.1.30-42.el6_10.noarch.rpm
yum-plugin-upgrade-helper-1.1.30-42.el6_10.noarch.rpm
yum-updateonboot-1.1.30-42.el6_10.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
yum-utils-1.1.30-42.el6_10.src.rpm

noarch:
yum-plugin-aliases-1.1.30-42.el6_10.noarch.rpm
yum-plugin-changelog-1.1.30-42.el6_10.noarch.rpm
yum-plugin-ovl-1.1.30-42.el6_10.noarch.rpm
yum-plugin-security-1.1.30-42.el6_10.noarch.rpm
yum-plugin-tmprepo-1.1.30-42.el6_10.noarch.rpm
yum-plugin-verify-1.1.30-42.el6_10.noarch.rpm
yum-plugin-versionlock-1.1.30-42.el6_10.noarch.rpm
yum-utils-1.1.30-42.el6_10.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

noarch:
yum-NetworkManager-dispatcher-1.1.30-42.el6_10.noarch.rpm
yum-plugin-auto-update-debug-info-1.1.30-42.el6_10.noarch.rpm
yum-plugin-fastestmirror-1.1.30-42.el6_10.noarch.rpm
yum-plugin-filter-data-1.1.30-42.el6_10.noarch.rpm
yum-plugin-fs-snapshot-1.1.30-42.el6_10.noarch.rpm
yum-plugin-keys-1.1.30-42.el6_10.noarch.rpm
yum-plugin-list-data-1.1.30-42.el6_10.noarch.rpm
yum-plugin-local-1.1.30-42.el6_10.noarch.rpm
yum-plugin-merge-conf-1.1.30-42.el6_10.noarch.rpm
yum-plugin-post-transaction-actions-1.1.30-42.el6_10.noarch.rpm
yum-plugin-priorities-1.1.30-42.el6_10.noarch.rpm
yum-plugin-protectbase-1.1.30-42.el6_10.noarch.rpm
yum-plugin-ps-1.1.30-42.el6_10.noarch.rpm
yum-plugin-remove-with-leaves-1.1.30-42.el6_10.noarch.rpm
yum-plugin-rpm-warm-cache-1.1.30-42.el6_10.noarch.rpm
yum-plugin-show-leaves-1.1.30-42.el6_10.noarch.rpm
yum-plugin-tsflags-1.1.30-42.el6_10.noarch.rpm
yum-plugin-upgrade-helper-1.1.30-42.el6_10.noarch.rpm
yum-updateonboot-1.1.30-42.el6_10.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-10897
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
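
An added example (not part of the Red Hat or AusCERT text): a check of an installed build string against the fixed builds named in the two package lists above, using a simplified rpm-style version comparison. The names `FIXED`, `rpmvercmp`, `split_nvra` and `is_patched` are this example's own, and the sample build strings other than the fixed ones are constructed.

```python
import re

# Fixed builds, copied from the package lists in RHSA-2018:2284 (RHEL 6)
# and RHSA-2018:2285 (RHEL 7) above.
FIXED = {"el6": ("1.1.30", "42.el6_10"), "el7": ("1.1.31", "46.el7_5")}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings the way rpm orders them.

    Simplified: tilde and caret modifiers are not handled (the builds in
    this advisory do not use them). Returns -1, 0 or 1.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            x, y = int(x), int(y)
        elif x_num != y_num:
            return 1 if x_num else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer,
    # which is why 46.el7_5 sorts above 46.el7.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def split_nvra(nvra):
    """Split 'name-version-release.arch[.rpm]' into its four fields."""
    if nvra.endswith(".rpm"):
        nvra = nvra[:-4]
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def is_patched(nvra):
    """True if the build is at or above the fixed build for its RHEL major."""
    _, version, release, _ = split_nvra(nvra)
    dist = re.search(r"\bel[0-9]+", release)
    if dist is None or dist.group(0) not in FIXED:
        raise ValueError("no fixed build listed for %r" % nvra)
    fixed_version, fixed_release = FIXED[dist.group(0)]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order >= 0


if __name__ == "__main__":
    # Constructed sample input in the form printed by `rpm -q yum-utils`.
    for line in ("yum-utils-1.1.31-45.el7.noarch",
                 "yum-utils-1.1.31-46.el7_5.noarch",
                 "yum-utils-1.1.30-42.el6_10.noarch"):
        print(line, "patched" if is_patched(line) else "NEEDS UPDATE")
```

The input format matches the default output of `rpm -q yum-utils`; epochs are not considered, since that output does not include one.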

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----
