SUSE-SU-2018:2898-1 -- SLES smt
ID: oval:org.secpod.oval:def:89002412 | Date: (C)2021-02-25 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues:

These security issues were fixed in SMT:
- CVE-2018-12471: XML External Entity processing in the RegistrationSharing modules allowed arbitrary file read.
- CVE-2018-12470: SQL injection in RegistrationSharing module allows remote attackers to run arbitrary SQL statements.
- CVE-2018-12472: Authentication bypass in sibling check facilitated further attacks on SMT.

SUSE would like to thank Jake Miller for reporting these issues to us.

These non-security issues were fixed in SMT:
- Fix cron jobs randomization
- Fix duplicate migration paths

These non-security issues were fixed in yast2-smt:
- Remove cron job rescheduling
- Added missing translation marks
- Explicitly mention "Organization Credentials"
- Rearrange the SMT set-up dialog
- Make the Filter button default
- Prevent exiting the repo selection dialog via hitting Enter in the repository filter
- Report when error occurs during repo mirroring
- Use TextEntry-based filter for repos
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP2 |