Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
patchinfo.8417
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.8417
<patchinfo incident="8417"> <issue tracker="bnc" id="1103809">VUL-0: EMBARGOED: CVE-2018-12471: smt: Xml External Entity processing in the RegistrationSharing modules allows arbitrary file read</issue> <issue tracker="bnc" id="1104076">VUL-0: EMBARGOED: CVE-2018-12472: smt: authentication bypass in sibling check</issue> <issue tracker="bnc" id="1097824">[Migration] [RMT] upgrade from SLES12SP3+HPC module to HPC15 via RMT: Two Migration targets</issue> <issue tracker="bnc" id="1097560">SCC delivers incomplete product data</issue> <issue tracker="bnc" id="1103810">VUL-0: EMBARGOED: CVE-2018-12470: smt: SQL injection in RegistrationSharing module</issue> <issue tracker="bnc" id="1037811">SLES12_SP3_LOC : ALL_LANGS:Untranslated text in SMT/'SMT Configuration Wizard-Steps 2/2' dialog</issue> <issue tracker="bnc" id="977043">YaST2 SMT window starts in partially unreadable size</issue> <issue tracker="bnc" id="1006984">yast2-smt: crashes in filter</issue> <issue tracker="bnc" id="1006989">yast2-smt: no error check for mkdir</issue> <issue tracker="cve" id="2018-12472"/> <issue tracker="cve" id="2018-12470"/> <issue tracker="cve" id="2018-12471"/> <issue tracker="fate" id="321759"/> <issue tracker="fate" id="319777"/> <category>security</category> <rating>important</rating> <packager>ikapelyukhin</packager> <description>This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read (bsc#1103809). - CVE-2018-12470: SQL injection in RegistrationSharing module allows remote attackers to run arbitrary SQL statements (bsc#1103810). - CVE-2018-12472: Authentication bypass in sibling check facilitated further attacks on SMT (bsc#1104076). SUSE would like to thank Jake Miller for reporting these issues to us. These non-security issues were fixed in SMT: - Fix cron jobs randomization (bsc#1097560) - Fix duplicate migration paths (bsc#1097824) This non-security issue was fixed in yast2-smt: - Remove cron job rescheduling (bsc#1097560) - Added missing translation marks (bsc#1037811) - Explicitly mention "Organization Credentials" (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Make the Filter button default (bsc#1006984) - Prevent exiting the repo selection dialog via hitting Enter in the repository filter (bsc#1006984) - report when error occurs during repo mirroring (bsc#1006989) - Use TextEntry-based filter for repos (fate#319777) </description> <summary>Security update for smt, yast2-smt</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor