Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

SUSE: 2018:2555-1 Important: Libzypp and Zypper Security Fixes

suse
Calendar Grey August 30, 2018
Dist Suse Esm H88
SUSE Security Update: Security update for libzypp, zypper __________________________________________
An update that solves four vulnerabilities and has 10 fixes is now available

Summary

This update for libzypp, zypper provides the following fixes: libzypp security fixes: - CVE-2018-7685: Validate RPMs before caching (bsc#1091624, bsc#1088705) - CVE-2017-9269: Be sure bad packages do not stay in the cache (bsc#1045735) - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix repo gpg check workflows, mainly for unsigned repos and packages (bsc#1045735, bsc#1038984) libzypp changes: - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - Prefer calling "repo2solv" rather than "repo2solv.sh". - libzypp-devel should not require cmake. (bsc#1101349) - HardLocksFile: Prevent against empty commit without Target having been loaded. (bsc#1096803) - Avoid zombie tar processes. (bsc#1076192)

References

#1037210 #1038984 #1045735 #1048315 #1054088

#1070851 #1076192 #1088705 #1091624 #1092413

#1096803 #1100028 #1101349 #1102429

Cross- CVE-2017-7435 CVE-2017-7436 CVE-2017-9269

CVE-2018-7685

Affected Products:

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server 12-SP1-LTSS

https://www.suse.com/security/cve/CVE-2017-7435.html

https://www.suse.com/security/cve/CVE-2017-7436.html

https://www.suse.com/security/cve/CVE-2017-9269.html

https://www.suse.com/security/cve/CVE-2018-7685.html

https://bugzilla.suse.com/1037210

https://bugzilla.suse.com/1038984

https://bugzilla.suse.com/1045735

https://bugzilla.suse.com/1048315

https://bugzilla.suse.com/1054088

https://bugzilla.suse.com/1070851

https://bugzilla.suse.com/1076192

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:2555-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.