ALAS2-2018-1063 --- yum-plugin yum-updateonboot yum-NetworkManager-dispatcher yum-utilsID: oval:org.secpod.oval:def:1700074 | Date: (C)2018-08-27 (M)2023-07-28 |
Class: PATCH | Family: unix |
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files
Product: |
yum-plugin |
yum-updateonboot |
yum-NetworkManager-dispatcher |
yum-utils |