Security update for smt, yast2-smt SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:2898-2 Final 1 1 2018-10-18T12:49:39Z current 2018-10-18T12:49:39Z 2018-10-18T12:49:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for smt, yast2-smt This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read (bsc#1103809). - CVE-2018-12470: SQL injection in RegistrationSharing module allows remote attackers to run arbitrary SQL statements (bsc#1103810). - CVE-2018-12472: Authentication bypass in sibling check facilitated further attacks on SMT (bsc#1104076). SUSE would like to thank Jake Miller for reporting these issues to us. These non-security issues were fixed in SMT: - Fix cron jobs randomization (bsc#1097560) - Fix duplicate migration paths (bsc#1097824) This non-security issue was fixed in yast2-smt: - Remove cron job rescheduling (bsc#1097560) - Added missing translation marks (bsc#1037811) - Explicitly mention 'Organization Credentials' (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Make the Filter button default (bsc#1006984) - Prevent exiting the repo selection dialog via hitting Enter in the repository filter (bsc#1006984) - report when error occurs during repo mirroring (bsc#1006989) - Use TextEntry-based filter for repos (fate#319777) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-SERVER-12-SP2-BCL-2018-2056 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20182898-2/ Link for SUSE-SU-2018:2898-2 https://lists.suse.com/pipermail/sle-security-updates/2018-October/004724.html E-Mail link for SUSE-SU-2018:2898-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1006984 SUSE Bug 1006984 https://bugzilla.suse.com/1006989 SUSE Bug 1006989 https://bugzilla.suse.com/1037811 SUSE Bug 1037811 https://bugzilla.suse.com/1097560 SUSE Bug 1097560 https://bugzilla.suse.com/1097824 SUSE Bug 1097824 https://bugzilla.suse.com/1103809 SUSE Bug 1103809 https://bugzilla.suse.com/1103810 SUSE Bug 1103810 https://bugzilla.suse.com/1104076 SUSE Bug 1104076 https://bugzilla.suse.com/977043 SUSE Bug 977043 https://www.suse.com/security/cve/CVE-2018-12470/ SUSE CVE CVE-2018-12470 page https://www.suse.com/security/cve/CVE-2018-12471/ SUSE CVE CVE-2018-12471 page https://www.suse.com/security/cve/CVE-2018-12472/ SUSE CVE CVE-2018-12472 page SUSE Linux Enterprise Server 12 SP2-BCL res-signingkeys-3.0.37-52.23.6 smt-3.0.37-52.23.6 smt-support-3.0.37-52.23.6 res-signingkeys-3.0.37-52.23.6 as a component of SUSE Linux Enterprise Server 12 SP2-BCL smt-3.0.37-52.23.6 as a component of SUSE Linux Enterprise Server 12 SP2-BCL smt-support-3.0.37-52.23.6 as a component of SUSE Linux Enterprise Server 12 SP2-BCL A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. CVE-2018-12470 SUSE Linux Enterprise Server 12 SP2-BCL:res-signingkeys-3.0.37-52.23.6 SUSE Linux Enterprise Server 12 SP2-BCL:smt-3.0.37-52.23.6 SUSE Linux Enterprise Server 12 SP2-BCL:smt-support-3.0.37-52.23.6 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182898-2/ https://www.suse.com/security/cve/CVE-2018-12470.html CVE-2018-12470 https://bugzilla.suse.com/1103810 SUSE Bug 1103810 A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. CVE-2018-12471 SUSE Linux Enterprise Server 12 SP2-BCL:res-signingkeys-3.0.37-52.23.6 SUSE Linux Enterprise Server 12 SP2-BCL:smt-3.0.37-52.23.6 SUSE Linux Enterprise Server 12 SP2-BCL:smt-support-3.0.37-52.23.6 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182898-2/ https://www.suse.com/security/cve/CVE-2018-12471.html CVE-2018-12471 https://bugzilla.suse.com/1103809 SUSE Bug 1103809 A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. CVE-2018-12472 SUSE Linux Enterprise Server 12 SP2-BCL:res-signingkeys-3.0.37-52.23.6 SUSE Linux Enterprise Server 12 SP2-BCL:smt-3.0.37-52.23.6 SUSE Linux Enterprise Server 12 SP2-BCL:smt-support-3.0.37-52.23.6 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182898-2/ https://www.suse.com/security/cve/CVE-2018-12472.html CVE-2018-12472 https://bugzilla.suse.com/1104076 SUSE Bug 1104076