Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

openSUSE Leap 15.0: openSUSE-SU-2019:1927-1 Moderate updates for zypper

opensuse
Calendar Grey August 18, 2019
Dist Opensuse Esm H88
This release addresses several concerns related to zypper, libzypp, and libsolv for openSUSE Leap 15.0. Notable solutions provided.
An update that solves three vulnerabilities and has 41 fixes is now available.

Description

This update for libzypp and libsolv fixes the following issues:

Security issues fixed:

- CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c

(function testcase_read) (bsc#1120629).

- CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c

(function testcase_str2dep_complex) in libsolvext.a (bsc#1120630).

- CVE-2018-20534: Fixed illegal address access at src/pool.h (function

pool_whatprovides) in libsolv.a (bsc#1120631).

Fixed bugs and enhancements:

- make cleandeps jobs on patterns work (bnc#1137977)

- Fixed an issue where libsolv failed to build against swig 4.0 by

updating the version to 0.7.5 (bsc#1135749).

- Virtualization host upgrade from SLES-15 to SLES-15-SP1 finished with

wrong product name shown up (bsc#1131823).

- Copy pattern categories from the rpm that defines the pattern

(fate#323785).

- Enhance scanning /sys for modaliases (bsc#1130161).

- Prevent SEGV if the application sets...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1927=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

PackageKit-1.1.10-lp150.11.1

PackageKit-backend-zypp-1.1.10-lp150.11.1

PackageKit-backend-zypp-debuginfo-1.1.10-lp150.11.1

PackageKit-debuginfo-1.1.10-lp150.11.1

PackageKit-debugsource-1.1.10-lp150.11.1

PackageKit-devel-1.1.10-lp150.11.1

PackageKit-devel-debuginfo-1.1.10-lp150.11.1

PackageKit-gstreamer-plugin-1.1.10-lp150.11.1

PackageKit-gstreamer-plugin-debuginfo-1.1.10-lp150.11.1

PackageKit-gtk3-module-1.1.10-lp150.11.1

PackageKit-gtk3-module-debuginfo-1.1.10-lp150.11.1

libpackagekit-glib2-18-1.1.10-lp150.11.1

libpackagekit-glib2-18-debuginfo-1.1.10-lp150.11.1

libpackagekit-glib2-devel-1.1.10-lp150.11.1

libyui-ncurses-pkg-debugsource-2.48.5.2-lp150.7.1

libyui-ncurses-pkg-devel-2.48.5.2-lp150.7.1

libyui-ncurses-pkg8-2.48.5.2-lp150.7.1

libyui-ncurses-pkg8-debuginfo-2.48.5.2-lp150.7.1

libyui-qt-pkg-debugsource-2.45.15.2-lp150.7.1

libyui-qt-pkg-devel-2.45.15.2-lp150.7.1

libyui-qt-pkg8-2.45.15.2-lp150.7.1

libyui-qt-pkg8-debuginfo-2.45.15.2-lp150.7.1

typelib-1_0-PackageKitGlib...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2018-20532.html

https://www.suse.com/security/cve/CVE-2018-20533.html

https://www.suse.com/security/cve/CVE-2018-20534.html

https://bugzilla.suse.com/1047962

https://bugzilla.suse.com/1049826

https://bugzilla.suse.com/1053177

https://bugzilla.suse.com/1065022

https://bugzilla.suse.com/1099019

https://bugzilla.suse.com/1102261

https://bugzilla.suse.com/1110542

https://bugzilla.suse.com/1111319

https://bugzilla.suse.com/1112911

https://bugzilla.suse.com/1113296

https://bugzilla.suse.com/1114908

https://bugzilla.suse.com/1115341

https://bugzilla.suse.com/1116840

https://bugzilla.suse.com/1118758

https://bugzilla.suse.com/1119373

https://bugzilla.suse.com/1119820

https://bugzilla.suse.com/1119873

https://bugzilla.suse.com/1120263

https://bugzilla.suse.com/1120463

https://bugzilla.suse.com/1120629

https://bugzilla.suse.com/1120630

https://bugzilla.suse.com/1120631

https://bugzilla.suse.com/1121611

https://bugzilla.suse.com/1122062

https://bugzilla.suse.com/1122471

https://bugzilla...

Read the Full Advisory

Announcement ID: openSUSE-SU-2019:1927-1
Rating: moderate
Affected Products: openSUSE Leap 15.0 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.