WOW, you better be CAREFUL! There's a known vulnerability just out about using YaST, you could be trojaned if you're not real careful about where you're getting your updates.
http://www.linuxsecurity.com/content/view/121777/112/
Problem Description and Brief Discussion
This is a reissue of SUSE-SA:2006:009, after we found out that also
gpg version < 1.4.x are affected by the signature checking problem
of CVE-2006-0455.
With certain handcraft-able signatures GPG was returning a 0 (valid
signature) when used on command-line with option --verify.
This could make automated checkers, like for instance the patch file
verification checker of the YaST Online Update, pass malicious patch
files as correct and allow remote code execution.
Also, the YaST Online Update script signature verification had used a
feature which was not meant to be used for signature verification,
making it possible to supply any kind of script which would be
considered correct. This would also allow code execution.
Wait a minute...so you're saying we should be CAREFUL about where we install software from? Wow. What a revelation. Thanks for telling me this. Up to this point, I've been browsing around, clicking willy-nilly on whatever I want and installing it to my system like a crazy person, automatically answering yes to all dialogues that came up. Guess I better cut that out.
Man, it's a good thing we don't have to worry about such things in Windows, huh?
/sarcasm
Second, it requires someone to be futzing with the mirror directly or the commmunication--you'd have to be running a defacto install with no security measures, and the connection to the specific server turned on.
Third, you don't have to run YaST at all to update--you can d/l the packages and install with KPackage. Or, you can d/l the packages to a local directory and set the YaST installer to only run from the CD's and the local directory.
Finally, you can put the updated packages that fix the problem. The updated pkgs came up when I ran my first update and they were installed. I suspect other Suse users did the same thing.
The problem isn't as bad as ones I've seen on my peers' computers--they get trojaned just by running the OS.