Uploaded image for project: 'Cloud Enablement'
  1. Cloud Enablement
  2. CLOUD-2775

Rebuild JDV 6.4.3 imgs to fix important yum-utils CVE-2018-10897

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: JDV64 1.1.1.GA
    • Component/s: JDV
    • Labels:
      None

      Description

      A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files.

      https://access.redhat.com/security/cve/cve-2018-10897

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                jan.renaat Jan Schatteman
                Reporter:
                jan.renaat Jan Schatteman
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: