openSUSE: 2020:0255-1 Moderate: Cookie Security Fix in libsolv
opensuse
February 27, 2020
An update that solves one vulnerability and has 10 fixes is now available.
Description
This update for libsolv, libzypp, zypper fixes the following issues:
Security issue fixed:
- CVE-2019-18900: Fixed assert cookie file that was world readable
(bsc#1158763).
Bug fixes
- Fixed removing orphaned packages dropped by to-be-installed products
(bsc#1155819).
- Adds libzypp API to mark all obsolete kernels according to the existing
purge-kernel script rules (bsc#1155198).
- Do not enforce 'en' being in RequestedLocales If the user decides to
have a system without explicit language support he may do so
(bsc#1155678).
- Load only target resolvables for zypper rm (bsc#1157377).
- Fix broken search by filelist (bsc#1135114).
- Replace python by a bash script in zypper-log (fixes#304, fixes#306,
bsc#1156158).
- Do not sort out requested locales which are not available (bsc#1155678).
- Prevent listing duplicate matches in tables. XML result is provided
within the new list-patches-byissue element...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-255=1
Package List
- openSUSE Leap 15.1 (i586 x86_64):
libsolv-debuginfo-0.7.10-lp151.2.10.1
libsolv-debugsource-0.7.10-lp151.2.10.1
libsolv-demo-0.7.10-lp151.2.10.1
libsolv-demo-debuginfo-0.7.10-lp151.2.10.1
libsolv-devel-0.7.10-lp151.2.10.1
libsolv-devel-debuginfo-0.7.10-lp151.2.10.1
libsolv-tools-0.7.10-lp151.2.10.1
libsolv-tools-debuginfo-0.7.10-lp151.2.10.1
libzypp-17.19.0-lp151.2.10.1
libzypp-debuginfo-17.19.0-lp151.2.10.1
libzypp-debugsource-17.19.0-lp151.2.10.1
libzypp-devel-17.19.0-lp151.2.10.1
libzypp-devel-doc-17.19.0-lp151.2.10.1
perl-solv-0.7.10-lp151.2.10.1
perl-solv-debuginfo-0.7.10-lp151.2.10.1
python-solv-0.7.10-lp151.2.10.1
python-solv-debuginfo-0.7.10-lp151.2.10.1
python3-solv-0.7.10-lp151.2.10.1
python3-solv-debuginfo-0.7.10-lp151.2.10.1
ruby-solv-0.7.10-lp151.2.10.1
ruby-solv-debuginfo-0.7.10-lp151.2.10.1
zypper-1.14.33-lp151.2.10.1
zypper-debuginfo-1.14.33-lp151.2.10.1
zypper-debugsource-1.14.33-lp151.2.10.1
- openSUSE Leap 15.1 (noarch):
zypper-aptitude-1.14.33-lp151.2.10.1
zypper-log-1.14.33-lp151.2.10.1
zyp...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2019-18900.html
https://bugzilla.suse.com/1135114
https://bugzilla.suse.com/1154804
https://bugzilla.suse.com/1154805
https://bugzilla.suse.com/1155198
https://bugzilla.suse.com/1155205
https://bugzilla.suse.com/1155298
https://bugzilla.suse.com/1155678
https://bugzilla.suse.com/1155819
https://bugzilla.suse.com/1156158
https://bugzilla.suse.com/1157377
https://bugzilla.suse.com/1158763
--
PREVIOUS
NEXT
Announcement ID: openSUSE-SU-2020:0255-1
Rating: moderate
Affected Products:
openSUSE Leap 15.1
le.
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!