Explore top 10 tips to secure your open-source projects now. Read More
×
This update for smt to 2.0.34 fixes the following issues: These security issues were fixed: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read (bsc#1103809) - CVE-2018-12470: SQL injection in RegistrationSharing module allows remote attackers to run arbitary SQL statements (bsc#1103810) - CVE-2018-12472: Authentication bypass in sibling check facilitated further attacks on SMT (bsc#1104076) SUSE would like to thank Jake Miller for reporting these issues to us. This non-security issue was fixed: - More verbose incomplete registration logging (bsc#1072921, bsc#1074608) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
#1072921 #1074608 #1103809 #1103810 #1104076
Cross- CVE-2018-12470 CVE-2018-12471 CVE-2018-12472
Affected Products:
Subscription Management Tool for SUSE Linux Enterprise 11-SP3
https://www.suse.com/security/cve/CVE-2018-12470.html
https://www.suse.com/security/cve/CVE-2018-12471.html
https://www.suse.com/security/cve/CVE-2018-12472.html
https://bugzilla.suse.com/1072921
https://bugzilla.suse.com/1074608
https://bugzilla.suse.com/1103809
https://bugzilla.suse.com/1103810
https://bugzilla.suse.com/1104076
Get the latest Linux and open source security news straight to your inbox.