Zwei Probleme in libzypp
ID: | SUSE-SU-2018:2716-2 |
Distribution: | SUSE |
Plattformen: | SUSE Linux Enterprise Server 12-SP2-BCL |
Datum: | Do, 18. Oktober 2018, 23:46 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9269 |
Applikationen: | Zypper |
Originalnachricht |
|
SUSE Security Update: Security update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2716-2 Rating: important References: #1036304 #1045735 #1049825 #1070851 #1076192 #1079334 #1088705 #1091624 #1092413 #1096803 #1099847 #1100028 #1101349 #1102429 Cross-References: CVE-2017-9269 CVE-2018-7685 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves two vulnerabilities and has 12 fixes is now available. Description: This update for libzypp, zypper provides the following fixes: Update libzypp to version 16.17.20 Security issues fixed: - PackageProvider: Validate delta rpms before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) - PackageProvider: Validate downloaded rpm package signatures before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) Other bugs fixed: - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304) - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake (bsc#1101349) - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - Avoid zombie tar processes (bsc#1076192) Update to zypper to version 1.13.45 Security issue fixed: - Improve signature check callback messages (bsc#1045735, CVE-2017-9269) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735, CVE-2017-9269) Other bugs fixed: - XML |