Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

SUSE: 2022:1128-1 Important: libsolv, libzypp Critical Issues

suse
Calendar Grey April 7, 2022
Dist Suse Esm H88
The latest patches in libsolv and libzypp enhance the stability of SUSE Linux, addressing multiple significant vulnerabilities.
An update that contains security fixes can now be installed

Summary

This update for libsolv, libzypp fixes the following issues: libsolv to 0.6.39: - fix memory leaks in SWIG generated code - fix misparsing of '&' in attributes with libxml2 - try to keep packages from a cycle close togther in the transaction order (bsc#1189622) - fix split provides not working if the update includes a forbidden vendor change (bsc#1195485) - fix segfault on conflict resolution when using bindings - do not replace noarch problem rules with arch dependent ones in problem reporting - fix and simplify pool_vendor2mask implementation - bump version to 0.6.39 libzypp to 16.22.4: - Hint on ptf resolver conflicts (bsc#1194848) - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing.

References

#1184501 #1189622 #1194848 #1195485

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

https://bugzilla.suse.com/1184501

https://bugzilla.suse.com/1189622

https://bugzilla.suse.com/1194848

https://bugzilla.suse.com/1195485

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:1128-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.