SUSE: 2019:3589-1 Critical Updates for Libzypp and Zypper Vulnerabilities

September 11, 2018
Crucial announcement from SUSE Linux regarding security vulnerabilities in libzypp and zypper, accompanied by various enhancements and corrections.
An update that solves two vulnerabilities and has 26 fixes is now available.

Summary

This update for libzypp, zypper, libsolv provides the following fixes:

Security fixes in libzypp:

- CVE-2018-7685: PackageProvider: Validate RPMs before caching (bsc#1091624, bsc#1088705)
- CVE-2017-9269: Be sure bad packages do not stay in the cache (bsc#1045735)

Changes in libzypp:

- Update to version 17.6.4
- Automatically fetch repository signing key from gpgkey url (bsc#1088037)
- lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304)
- Check for not imported keys after multi key import from rpmdb (bsc#1096217)
- Flags: make it std=c++14 ready
- Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617)
- Show GPGME version in log
- Adapt to changes in libgpgme11-11.1.0 breaking the signature verification (bsc#1100427)
- RepoInfo::provideKey: add report telling where we look for missing keys.

References

#1036304 #1041178 #1043166 #1045735 #1058515

#1066215 #1070770 #1070851 #1082318 #1084525

#1088037 #1088705 #1091624 #1092413 #1093103

#1096217 #1096617 #1096803 #1099847 #1100028

#1100095 #1100427 #1101349 #1102019 #1102429

#408814 #428822 #907538

Cross-References: CVE-2017-9269 CVE-2018-7685

Affected Products:

SUSE Linux Enterprise Module for Development Tools 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2017-9269.html

https://www.suse.com/security/cve/CVE-2018-7685.html

https://bugzilla.suse.com/1036304

https://bugzilla.suse.com/1041178

https://bugzilla.suse.com/1043166

https://bugzilla.suse.com/1045735

https://bugzilla.suse.com/1058515

https://bugzilla.suse.com/1066215

https://bugzilla.suse.com/1070770

Severity: important

Announcement ID: SUSE-SU-2018:2690-1
Rating: important
