Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

SUSE: 2017:2040-1 Important: Libzypp And Zypper Security Risks

suse
Calendar Grey August 3, 2017
Dist Suse Esm H88
SUSE Security Announcement related to libzypp and zypper highlights key vulnerabilities and outlines detailed steps for updates.
An update that solves three vulnerabilities and has 6 fixes An update that solves three vulnerabilities and has 6 fixes An update that solves three vulnerabilities and has 6 fixes ...

Summary

The Software Update Stack was updated to receive fixes and enhancements. libzypp: Security issues fixed: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984) Bug fixes: - Re-probe on refresh if the repository type changes. (bsc#1048315) - Propagate proper error code to DownloadProgressReport. (bsc#1047785) - Allow to trigger an appdata refresh unconditionally. (bsc#1009745) - Support custom repo variables defined in /etc/zypp/vars.d. - Adapt loop mounting of ISO images. (bsc#1038132, bsc#1033236) - Fix potential crash if repository has no baseurl. (bsc#1043218) zypper: - Adapt download callback to report and handle unsigned packages. (bsc#1038984)

References

#1009745 #1031756 #1033236 #1038132 #1038984

#1043218 #1045735 #1047785 #1048315

Cross- CVE-2017-7435 CVE-2017-7436 CVE-2017-9269

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP2

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2

SUSE Linux Enterprise Server 12-SP2

SUSE Linux Enterprise Desktop 12-SP2

OpenStack Cloud Magnum Orchestration 7

https://www.suse.com/security/cve/CVE-2017-7435.html

https://www.suse.com/security/cve/CVE-2017-7436.html

https://www.suse.com/security/cve/CVE-2017-9269.html

https://bugzilla.suse.com/1009745

https://bugzilla.suse.com/1031756

https://bugzilla.suse.com/1033236

https://bugzilla.suse.com/1038132

https://bugzilla.suse.com/1038984

https://bugzilla.suse.com/1043218

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:2040-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.