Explore top 10 tips to secure your open-source projects now. Read More
×
This update for libzypp, zypper, libsolv provides the following fixes:
Security fixes in libzypp:
- CVE-2018-7685: PackageProvider: Validate RPMs before caching
(bsc#1091624, bsc#1088705)
- CVE-2017-9269: Be sure bad packages do not stay in the cache
(bsc#1045735)
Changes in libzypp:
- Update to version 17.6.4
- Automatically fetch repository signing key from gpgkey url (bsc#1088037)
- lsof: use '-K i' if lsof supports it (bsc#1099847,bsc#1036304)
- Check for not imported keys after multi key import from rpmdb
(bsc#1096217)
- Flags: make it std=c++14 ready
- Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617)
- Show GPGME version in log
- Adapt to changes in libgpgme11-11.1.0 breaking the signature
verification (bsc#1100427)
- RepoInfo::provideKey: add report telling where we look for missing keys.
- Support listing gpgkey URLs in repo files (bsc#1088037)
- Add new report to request user approval for...
Read the Full AdvisoryPatch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-1017=1
- openSUSE Leap 15.0 (x86_64):
libsolv-debuginfo-0.6.35-lp150.2.3.1
libsolv-debugsource-0.6.35-lp150.2.3.1
libsolv-demo-0.6.35-lp150.2.3.1
libsolv-demo-debuginfo-0.6.35-lp150.2.3.1
libsolv-devel-0.6.35-lp150.2.3.1
libsolv-devel-debuginfo-0.6.35-lp150.2.3.1
libsolv-tools-0.6.35-lp150.2.3.1
libsolv-tools-debuginfo-0.6.35-lp150.2.3.1
libzypp-17.6.4-lp150.2.3.1
libzypp-debuginfo-17.6.4-lp150.2.3.1
libzypp-debugsource-17.6.4-lp150.2.3.1
libzypp-devel-17.6.4-lp150.2.3.1
libzypp-devel-doc-17.6.4-lp150.2.3.1
perl-solv-0.6.35-lp150.2.3.1
perl-solv-debuginfo-0.6.35-lp150.2.3.1
python-solv-0.6.35-lp150.2.3.1
python-solv-debuginfo-0.6.35-lp150.2.3.1
python3-solv-0.6.35-lp150.2.3.1
python3-solv-debuginfo-0.6.35-lp150.2.3.1
ruby-solv-0.6.35-lp150.2.3.1
ruby-solv-debuginfo-0.6.35-lp150.2.3.1
zypper-1.14.10-lp150.2.3.1
zypper-debuginfo-1.14.10-lp150.2.3.1
zypper-debugsource-1.14.10-lp150.2.3.1
- openSUSE Leap 15.0 (noarch):
zypper-aptitude-1.14.10-lp150.2.3.1
zypper-log-1.14.10-lp150.2.3.1
https://www.suse.com/security/cve/CVE-2017-9269.html
https://www.suse.com/security/cve/CVE-2018-7685.html
https://bugzilla.suse.com/1036304
https://bugzilla.suse.com/1041178
https://bugzilla.suse.com/1043166
https://bugzilla.suse.com/1045735
https://bugzilla.suse.com/1058515
https://bugzilla.suse.com/1066215
https://bugzilla.suse.com/1070770
https://bugzilla.suse.com/1070851
https://bugzilla.suse.com/1082318
https://bugzilla.suse.com/1084525
https://bugzilla.suse.com/1088037
https://bugzilla.suse.com/1088705
https://bugzilla.suse.com/1091624
https://bugzilla.suse.com/1092413
https://bugzilla.suse.com/1093103
https://bugzilla.suse.com/1096217
https://bugzilla.suse.com/1096617
https://bugzilla.suse.com/1096803
https://bugzilla.suse.com/1099847
https://bugzilla.suse.com/1100028
https://bugzilla.suse.com/1100095
https://bugzilla.suse.com/1100427
https://bugzilla.suse.com/1101349
https://bugzilla.suse.com/1102019
https://bugzilla.suse.com/1102429
https://bugzilla.suse.com/408814
https://bugzilla.suse.com/428822
https:/...
Read the Full AdvisoryGet the latest Linux and open source security news straight to your inbox.