Dear All,

I have reported a couple of YaST2 bugs to SuSE, and one of them has
security implications that people should be aware of.

I was using yast2 to install extra packages on a running system, and was
having great difficulty because yast2 kept on hanging after I had made my
package selection. So I used the feature (available on the Extras button)
to save my configuration then loaded it on the next run.

After loading the configuration yast2 took it upon itself to reinstall
from CD all the packages that were already installed as well as the new
ones I had requested. This was irritating, but what makes it much worse is
that it *downgraded* packages which had had security updates installed.

So I would warn people: when you run yast2 watch what it does and always
be ready to reinstall your security updates if necessary.

Bob
==============================================================
Bob Vickers R.Vickerscs.rhul.ac.uk
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhul.ac.uk/home/bobv
Phone: +44 1784 443691

-- 
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]