Candidate: CVE-2018-10897
PublicDate: 2018-08-01 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10897
 https://bugzilla.redhat.com/show_bug.cgi?id=1600221
Description:
 A directory traversal issue was found in reposync, a part of yum-utils,
 where reposync fails to sanitize paths in remote repository configuration
 files. If an attacker controls a repository, they may be able to copy files
 outside of the destination directory on the targeted system via path
 traversal. If reposync is running with heightened privileges on a targeted
 system, this flaw could potentially result in system compromise via the
 overwriting of critical system files. Version 1.1.31 and older are believed
 to be affected.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]


Patches_yum-utils:
upstream_yum-utils: released (1.1.31-2.2)
precise/esm_yum-utils: DNE
trusty_yum-utils: ignored (reached end-of-life)
trusty/esm_yum-utils: DNE (trusty was needs-triage)
xenial_yum-utils: not-affected (1.1.31-2.2)
artful_yum-utils: ignored (reached end-of-life)
bionic_yum-utils: not-affected (1.1.31-2.2)
cosmic_yum-utils: ignored (reached end-of-life)
disco_yum-utils: not-affected (1.1.31-2.2)
devel_yum-utils: not-affected (1.1.31-2.2)