Red Hat: CVE-2018-10897: Important: yum-utils security update (Multiple Advisories)

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 2018-07-30
Added: 2018-07-31
Modified: 2023-02-14

Description

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
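The kind of containment check the description says is missing, as an added example (not code from yum-utils or from this advisory): each path taken from repository metadata is resolved against the destination directory and rejected if it lands outside it. The function names, the `/srv/mirror` destination and the sample paths are hypothetical and constructed for illustration.

```python
import os

def resolve_inside(dest_root, remote_relpath):
    """Return the local path for a metadata-supplied path, or raise
    ValueError if it would be written outside dest_root."""
    root = os.path.realpath(dest_root)
    if os.path.isabs(remote_relpath):
        raise ValueError("absolute path in metadata: %r" % remote_relpath)
    # realpath collapses ".." and follows any symlinks that already exist
    # under the destination, so both escape routes are covered.
    candidate = os.path.realpath(os.path.join(root, remote_relpath))
    # commonpath compares whole components, so "/srv/mirror-evil" is not
    # mistaken for a child of "/srv/mirror" (a plain startswith would be).
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes destination: %r" % remote_relpath)
    return candidate

def plan_downloads(dest_root, remote_paths):
    """Split metadata paths into (accepted local paths, rejected inputs)."""
    accepted, rejected = [], []
    for path in remote_paths:
        try:
            accepted.append(resolve_inside(dest_root, path))
        except ValueError:
            rejected.append(path)
    return accepted, rejected

# Constructed sample of package locations as a repository might list them.
SAMPLE_PATHS = [
    "Packages/foo-1.0-1.noarch.rpm",
    "../../etc/cron.d/job",
    "/etc/passwd",
    "Packages/../../mirror-evil/x.rpm",
    "Packages/./bar-2.0-1.noarch.rpm",
]

if __name__ == "__main__":
    ok, bad = plan_downloads("/srv/mirror", SAMPLE_PATHS)
    for p in ok:
        print("write :", p)
    for p in bad:
        print("reject:", p)
```

Running the sync as an unprivileged user with write access only to the mirror directory limits the impact the description attributes to heightened privileges.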

Solution(s)

redhat-upgrade-yum-networkmanager-dispatcher
redhat-upgrade-yum-plugin-aliases
redhat-upgrade-yum-plugin-auto-update-debug-info
redhat-upgrade-yum-plugin-changelog
redhat-upgrade-yum-plugin-copr
redhat-upgrade-yum-plugin-fastestmirror
redhat-upgrade-yum-plugin-filter-data
redhat-upgrade-yum-plugin-fs-snapshot
redhat-upgrade-yum-plugin-keys
redhat-upgrade-yum-plugin-list-data
redhat-upgrade-yum-plugin-local
redhat-upgrade-yum-plugin-merge-conf
redhat-upgrade-yum-plugin-ovl
redhat-upgrade-yum-plugin-post-transaction-actions
redhat-upgrade-yum-plugin-pre-transaction-actions
redhat-upgrade-yum-plugin-priorities
redhat-upgrade-yum-plugin-protectbase
redhat-upgrade-yum-plugin-ps
redhat-upgrade-yum-plugin-remove-with-leaves
redhat-upgrade-yum-plugin-rpm-warm-cache
redhat-upgrade-yum-plugin-security
redhat-upgrade-yum-plugin-show-leaves
redhat-upgrade-yum-plugin-tmprepo
redhat-upgrade-yum-plugin-tsflags
redhat-upgrade-yum-plugin-upgrade-helper
redhat-upgrade-yum-plugin-verify
redhat-upgrade-yum-plugin-versionlock
redhat-upgrade-yum-updateonboot
redhat-upgrade-yum-utils