(RHSA-2019:3583) Moderate: yum security, bug fix, and enhancement update

2019-11-0518:04:04

access.redhat.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

77.6%

JSON

Yum is a command-line utility that allows the user to check for updates and automatically download and install updated RPM packages. Yum automatically obtains and downloads dependencies, prompting the user for permission as necessary.

The following packages have been upgraded to a later upstream version: dnf (4.2.7), dnf-plugins-core (4.0.8), libcomps (0.1.11), libdnf (0.35.1), librepo (1.10.3), libsolv (0.7.4). (BZ#1690288, BZ#1690289, BZ#1690299, BZ#1692402, BZ#1694019, BZ#1697946)

Security Fix(es):

libcomps: use after free when merging two objmrtrees (CVE-2019-3817)
libsolv: illegal address access in pool_whatprovides in src/pool.h (CVE-2018-20534)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8s390xpython3-libcomps< 0.1.11-2.el8python3-libcomps-0.1.11-2.el8.s390x.rpm
RedHat8ppc64lelibcomps-devel< 0.1.11-2.el8libcomps-devel-0.1.11-2.el8.ppc64le.rpm
RedHat8noarchdnf-plugins-core< 4.0.8-3.el8dnf-plugins-core-4.0.8-3.el8.noarch.rpm
RedHat8ppc64lecreaterepo_c-libs-debuginfo< 0.11.0-3.el8createrepo_c-libs-debuginfo-0.11.0-3.el8.ppc64le.rpm
RedHat8ppc64lepython3-librepo< 1.10.3-3.el8python3-librepo-1.10.3-3.el8.ppc64le.rpm
RedHat8i686createrepo_c-debuginfo< 0.11.0-3.el8createrepo_c-debuginfo-0.11.0-3.el8.i686.rpm
RedHat8ppc64lepython3-createrepo_c< 0.11.0-3.el8python3-createrepo_c-0.11.0-3.el8.ppc64le.rpm
RedHat8x86_64python3-libcomps-debuginfo< 0.1.11-2.el8python3-libcomps-debuginfo-0.1.11-2.el8.x86_64.rpm
RedHat8s390xpython3-createrepo_c< 0.11.0-3.el8python3-createrepo_c-0.11.0-3.el8.s390x.rpm
RedHat8x86_64python3-hawkey< 0.35.1-8.el8python3-hawkey-0.35.1-8.el8.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	s390x	python3-libcomps	< 0.1.11-2.el8	python3-libcomps-0.1.11-2.el8.s390x.rpm
RedHat	8	ppc64le	libcomps-devel	< 0.1.11-2.el8	libcomps-devel-0.1.11-2.el8.ppc64le.rpm
RedHat	8	noarch	dnf-plugins-core	< 4.0.8-3.el8	dnf-plugins-core-4.0.8-3.el8.noarch.rpm
RedHat	8	ppc64le	createrepo_c-libs-debuginfo	< 0.11.0-3.el8	createrepo_c-libs-debuginfo-0.11.0-3.el8.ppc64le.rpm
RedHat	8	ppc64le	python3-librepo	< 1.10.3-3.el8	python3-librepo-1.10.3-3.el8.ppc64le.rpm
RedHat	8	i686	createrepo_c-debuginfo	< 0.11.0-3.el8	createrepo_c-debuginfo-0.11.0-3.el8.i686.rpm
RedHat	8	ppc64le	python3-createrepo_c	< 0.11.0-3.el8	python3-createrepo_c-0.11.0-3.el8.ppc64le.rpm
RedHat	8	x86_64	python3-libcomps-debuginfo	< 0.1.11-2.el8	python3-libcomps-debuginfo-0.1.11-2.el8.x86_64.rpm
RedHat	8	s390x	python3-createrepo_c	< 0.11.0-3.el8	python3-createrepo_c-0.11.0-3.el8.s390x.rpm
RedHat	8	x86_64	python3-hawkey	< 0.35.1-8.el8	python3-hawkey-0.35.1-8.el8.x86_64.rpm