
openSUSE Leap 15.2: OpenSUSE-SU-2021:0059-1 Moderate: Info Leak

January 14, 2021
The latest openSUSE updates for libzypp and zypper fix an information leak in the log file (CVE-2017-9271) and include 11 additional fixes.
An update that solves one vulnerability and has 11 fixes is now available.

Description

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)

- RepoManager: Force refresh if repo url has changed (bsc#1174016)

- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)

- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).

- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910)

- Fixed update of gpg keys with elongated expire date (bsc#179222)

- needreboot: remove udev from the list (bsc#1179083)

- Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not clean up the libzypp cache when the system has low memory, incomplete cache confuses...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-59=1

Package List

- openSUSE Leap 15.2 (i586 x86_64):

libzypp-17.25.5-lp152.2.16.1

libzypp-debuginfo-17.25.5-lp152.2.16.1

libzypp-debugsource-17.25.5-lp152.2.16.1

libzypp-devel-17.25.5-lp152.2.16.1

libzypp-devel-doc-17.25.5-lp152.2.16.1

zypper-1.14.41-lp152.2.12.1

zypper-debuginfo-1.14.41-lp152.2.12.1

zypper-debugsource-1.14.41-lp152.2.12.1

- openSUSE Leap 15.2 (noarch):

yast2-installation-4.2.48-lp152.2.12.1

zypper-aptitude-1.14.41-lp152.2.12.1

zypper-log-1.14.41-lp152.2.12.1

zypper-needs-restarting-1.14.41-lp152.2.12.1
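
One way to confirm that a host carries the fixed builds after patching, as an added example that is not part of the advisory. The function names and the sample input are assumptions made for illustration, and `sort -V` is used as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Added example: fixed builds copied from the advisory's package list.
FIXED='libzypp 17.25.5-lp152.2.16.1
zypper 1.14.41-lp152.2.12.1
yast2-installation 4.2.48-lp152.2.12.1'

# ver_ge A B: succeeds when A sorts at or after B under sort -V.
# Assumption: sort -V approximates rpm's comparison, which is adequate
# for these numeric version-release strings.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_installed: reads "name version-release" lines on stdin, prints one
# status line per advisory package, and returns 1 if any installed build
# is older than the fixed one. On a real host, feed it:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' libzypp zypper yast2-installation
check_installed() {
    installed=$(cat)
    rc=0
    while read -r name fixed; do
        have=$(printf '%s\n' "$installed" |
               awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "$name not-installed"
        elif ver_ge "$have" "$fixed"; then
            echo "$name ok $have"
        else
            echo "$name outdated $have (fixed in $fixed)"
            rc=1
        fi
    done <<EOF
$FIXED
EOF
    return $rc
}

# Constructed sample input: libzypp is still on an older build.
check_installed <<'SAMPLE' || echo "run: zypper in -t patch openSUSE-2021-59=1"
libzypp 17.25.4-lp152.2.13.1
zypper 1.14.41-lp152.2.12.1
SAMPLE
```
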

References

https://www.suse.com/security/cve/CVE-2017-9271.html

https://bugzilla.suse.com/1050625

https://bugzilla.suse.com/1174016

https://bugzilla.suse.com/1177238

https://bugzilla.suse.com/1177275

https://bugzilla.suse.com/1177427

https://bugzilla.suse.com/1177583

https://bugzilla.suse.com/1178910

https://bugzilla.suse.com/1178966

https://bugzilla.suse.com/1179083

https://bugzilla.suse.com/1179222

https://bugzilla.suse.com/1179415

https://bugzilla.suse.com/1179909

Announcement ID: openSUSE-SU-2021:0059-1
Rating: moderate
Affected Products: openSUSE Leap 15.2
