For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Yum is a command-line utility that allows the user to check for updates and
automatically download and install updated RPM packages. Yum automatically
obtains and downloads dependencies, prompting the user for permission as
necessary.
The following packages have been upgraded to a later upstream version: dnf
(4.2.7), dnf-plugins-core (4.0.8), libcomps (0.1.11), libdnf (0.35.1),
librepo (1.10.3), libsolv (0.7.4). (BZ#1690288, BZ#1690289, BZ#1690299,
BZ#1692402, BZ#1694019, BZ#1697946)
Security Fix(es):
* libcomps: use after free when merging two objmrtrees (CVE-2019-3817)
* libsolv: illegal address access in pool_whatprovides in src/pool.h
(CVE-2018-20534)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.1 Release Notes linked from the References section.
https://access.redhat.com/security/cve/CVE-2018-20534
https://access.redhat.com/security/cve/CVE-2019-3817
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
Red Hat Enterprise Linux AppStream (v. 8):
Source:
createrepo_c-0.11.0-3.el8.src.rpm
aarch64:
createrepo_c-0.11.0-3.el8.aarch64.rpm
createrepo_c-debuginfo-0.11.0-3.el8.aarch64.rpm
createrepo_c-debugsource-0.11.0-3.el8.aarch64.rpm
createrepo_c-devel-0.11.0-3.el8.aarch64.rpm
createrepo_c-libs-0.11.0-3.el8.aarch64.rpm
createrepo_c-libs-debuginfo-0.11.0-3.el8.aarch64.rpm
python3-createrepo_c-0.11.0-3.el8.aarch64.rpm
python3-createrepo_c-debuginfo-0.11.0-3.el8.aarch64.rpm
ppc64le:
createrepo_c-0.11.0-3.el8.ppc64le.rpm
createrepo_c-debuginfo-0.11.0-3.el8.ppc64le.rpm
createrepo_c-debugsource-0.11.0-3.el8.ppc64le.rpm
createrepo_c-devel-0.11.0-3.el8.ppc64le.rpm
createrepo_c-libs-0.11.0-3.el8.ppc64le.rpm
createrepo_c-libs-debuginfo-0.11.0-3.el8.ppc64le.rpm
python3-createrepo_c-0.11.0-3.el8.ppc64le.rpm
python3-createrepo_c-debuginfo-0.11.0-3.el8.ppc64le.rpm
s390x:
createrepo_c-0.11.0-3.el8.s390x.rpm
createrepo_c-debuginfo-0.11.0-3.el8.s390x.rpm
createrepo_c-debugsource-0.11.0-3.el8.s390x.rpm
createrepo_c-devel-0.11.0-3.el8.s390x.rpm
createrepo_c-libs-0.11.0-3.el8.s390x.rpm
createrepo_c-libs-debuginfo-0.11.0-3.el8.s390x.rpm
python3-createrepo_c-0.11.0-3.el8.s390x.rpm
python3-createrepo_c-debuginfo-0.11.0-3.el8.s390x.rpm
x86_64:
createrepo_c-0.11.0-3.el8.x86_64.rpm
An update for yum is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
1650266 - microdnf - sockets not supported building layer on rhel8-beta/rhel-minimal image
1655605 - yum list available --showduplicates will list not only available packages but packages installed on the system.
1656584 - Add support for modular errata
1656801 - `dnf update`: "Errors occurred during transaction" due to POSTUN scriptlet failures
1657703 - [abrt] [faf] dnf: hdrFromFdno(): /usr/lib64/python3.6/site-packages/rpm/transaction.py killed by _rpm.error
1657851 - yum displays dnf in -h
1658579 - Be explicite about the REPODIR used in the Error message.
1663533 - proxy bypass behavior incompatible with previous versions
1665538 - CVE-2018-20534 libsolv: illegal address access in pool_whatprovides in src/pool.h
1666325 - yum alias list does not work properly
1667898 - repoquery --whatrequires only accepts one pkgspec
1668005 - CVE-2019-3817 libcomps: use after free when merging two objmrtrees
1670835 - [manpage] yum2dnf incorrect and missing info
1671731 - dnf list showduplicates incorrect output
1671839 - dnf: Typo in es_US localization
1672649 - Add dnf.package.Package API for getting pkgid of package from repo in DNF plugin
1673278 - [manpage] inconsistent cmdline options docs: dnf --help/man page
1673289 - dnf enableplugin/disableplugin does not report unknown plugin
1673902 - missing yum-copr man page
1673913 - option tsflags missing in dnf.conf
1673920 - confusing yum-plugin-changelog documentation