
SUSE-SU-2018:2898-1 -- SLES smt

ID: oval:org.secpod.oval:def:89002412
Date: (C)2021-02-25   (M)2022-10-10
Class: PATCH
Family: unix




This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues:

These security issues were fixed in SMT:
- CVE-2018-12471: XML External Entity processing in the RegistrationSharing modules allowed arbitrary file read.
- CVE-2018-12470: SQL injection in the RegistrationSharing module allows remote attackers to run arbitrary SQL statements.
- CVE-2018-12472: Authentication bypass in sibling check facilitated further attacks on SMT.

SUSE would like to thank Jake Miller for reporting these issues to us.

These non-security issues were fixed in SMT:
- Fix cron jobs randomization
- Fix duplicate migration paths

These non-security issues were fixed in yast2-smt:
- Remove cron job rescheduling
- Added missing translation marks
- Explicitly mention "Organization Credentials"
- Rearrange the SMT set-up dialog
- Make the Filter button default
- Prevent exiting the repo selection dialog via hitting Enter in the repository filter
- Report when error occurs during repo mirroring
- Use TextEntry-based filter for repos

Platform:
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP2
Product:
smt
Reference:
SUSE-SU-2018:2898-1
CVE-2018-12470
CVE-2018-12471
CVE-2018-12472

© SecPod Technologies