SUSE Security Update: Security update for libsolv, libzypp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1128-1
Rating:             important
References:         #1184501 #1189622 #1194848 #1195485 
Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for libsolv, libzypp fixes the following issues:

   libsolv to 0.6.39:

   - fix memory leaks in SWIG generated code
   - fix misparsing of '&' in attributes with libxml2
   - try to keep packages from a cycle close togther in the transaction order
     (bsc#1189622)
   - fix split provides not working if the update includes a forbidden vendor
     change (bsc#1195485)
   - fix segfault on conflict resolution when using bindings
   - do not replace noarch problem rules with arch dependent ones in problem
     reporting
   - fix and simplify pool_vendor2mask implementation
   - bump version to 0.6.39

   libzypp to 16.22.4:

   - Hint on ptf resolver conflicts (bsc#1194848)
   - Fix package signature check (bsc#1184501) Pay attention that header and
     payload are secured by a valid signature and report more detailed which
     signature is missing.
   - Set ZYPP_RPM_DEBUG=1 to capture verbose rpm command output.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1128=1



Package List:

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      libsolv-debugsource-0.6.39-2.27.32.2
      libsolv-devel-0.6.39-2.27.32.2
      libsolv-tools-0.6.39-2.27.32.2
      libsolv-tools-debuginfo-0.6.39-2.27.32.2
      libzypp-16.22.4-27.85.2
      libzypp-debuginfo-16.22.4-27.85.2
      libzypp-debugsource-16.22.4-27.85.2
      libzypp-devel-16.22.4-27.85.2
      perl-solv-0.6.39-2.27.32.2
      perl-solv-debuginfo-0.6.39-2.27.32.2
      python-solv-0.6.39-2.27.32.2
      python-solv-debuginfo-0.6.39-2.27.32.2


References:

   https://bugzilla.suse.com/1184501
   https://bugzilla.suse.com/1189622
   https://bugzilla.suse.com/1194848
   https://bugzilla.suse.com/1195485