Denial of Service in libzypp
ID: | FEDORA-2018-13f9b69e5c |
Distribution: | Fedora |
Plattformen: | Fedora 28 |
Datum: | Do, 30. August 2018, 07:21 |
Referenzen: | https://bugzilla.redhat.com/show_bug.cgi?id=1615232 |
Applikationen: | Zypper |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-13f9b69e5c 2018-08-30 04:50:15.760413 -------------------------------------------------------------------------------- Name : libzypp Product : Fedora 28 Version : 17.6.2 Release : 1.fc28 URL : https://en.opensuse.org/Portal:Libzypp Summary : A package management library Description : libzypp is a library for package management built on top of the libsolv library. It is the foundation for the Zypper package manager. -------------------------------------------------------------------------------- Update Information: Update to `libzypp-17.6.2` and `zypper-1.14.8` to fix a vulnerability in which a malicious mirror could send infinite amounts of data to Zypper and it will consume it without validating how large the download should be. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 26 2018 Neal Gompa |