Overview

File _patchinfo of Package patchinfo.8137

<patchinfo incident="8137">
  <issue tracker="bnc" id="1070263">VUL-0: CVE-2017-17042: rubygem-yard: lib/yard/core_ext/file.rb does not block relative paths with an initial ../ sequence, which allows directory traversal attacks</issue>
  <issue tracker="bnc" id="956755">yast lan: Can't setup network using yast after manual configuration</issue>
  <issue tracker="bnc" id="1080805">Errors running 'yast lan' or use network option in YaST.</issue>
  <issue tracker="bnc" id="1061306">undefined method '[]' for nil:NilClass, block in BuildLanOerview.</issue>
  <issue tracker="bnc" id="1036440">command 'yast remote list' stops the display manager</issue>
  <issue tracker="cve" id="2017-17042"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>lslezak</packager>
  <description>This update for yast2 fixes the following issues:

Security issue fixed:

- CVE-2017-17042: Pass absolute paths to "yard", relative paths do not work anymore because of a security update (bsc#1070263).

Bug fixes:

- bsc#956755: yast lan: Can't setup network using yast after manual configuration
- bsc#1080805: Errors running 'yast lan' or use network option in YaST.
- bsc#1061306: undefined method '[]' for nil:NilClass, block in BuildLanOerview.
- bsc#1036440: command 'yast remote list' stops the display manager
</description>
  <summary>Security update for yast2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places