Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

SUSE: 2017:2264-1 Critical: Security Fixes for Libzypp Software

suse
Calendar Grey August 25, 2017
Dist Suse Esm H88
Improvements for libzypp address various crucial concerns. Implement modifications to boost protection and performance.
An update that solves three vulnerabilities and has 5 fixes An update that solves three vulnerabilities and has 5 fixes An update that solves three vulnerabilities and has 5 fixes ...

Summary

The Software Update Stack was updated to receive fixes and enhancements. libzypp: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984) - Fix gpg-pubkey release (creation time) computation. (bsc#1036659) - Update lsof blacklist. (bsc#1046417) - Re-probe on refresh if the repository type changes. (bsc#1048315) - Propagate proper error code to DownloadProgressReport. (bsc#1047785) - Allow to trigger an appdata refresh unconditionally. (bsc#1009745) - Support custom repo variables defined in /etc/zypp/vars.d. yast2-pkg-bindings: - Do not crash when the repository URL is not defined. (bsc#1043218) Patch Instructions: To install this SUSE Security Update use YaST online_update.

References

#1009745 #1036659 #1038984 #1043218 #1045735

#1046417 #1047785 #1048315

Cross- CVE-2017-7435 CVE-2017-7436 CVE-2017-9269

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Desktop 12-SP3

https://www.suse.com/security/cve/CVE-2017-7435.html

https://www.suse.com/security/cve/CVE-2017-7436.html

https://www.suse.com/security/cve/CVE-2017-9269.html

https://bugzilla.suse.com/1009745

https://bugzilla.suse.com/1036659

https://bugzilla.suse.com/1038984

https://bugzilla.suse.com/1043218

https://bugzilla.suse.com/1045735

https://bugzilla.suse.com/1046417

https://bugzilla.suse.com/1047785

https://bugzilla.suse.com/1048315

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:2264-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.