An update that solves four vulnerabilities can now be installed.

# Security update for libzypp, libsolv

Announcement ID: SUSE-SU-2026:21988-1
Release Date: 2026-06-02T15:05:07Z
Rating: important

References:

* bsc#1259802
* bsc#1265935
* bsc#1265938
* bsc#1266039

Cross-References:

* CVE-2026-25707
* CVE-2026-48863
* CVE-2026-9149
* CVE-2026-9150

CVSS scores:

* CVE-2026-25707 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-48863 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48863 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-9149 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9149 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9150 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9150 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0

## Description:

This update for libzypp, libsolv fixes the following issues:

libsolv was updated to 0.7.39:

* fix solv_chksum_free segfault when called with a NULL pointer
* made repo_add_solv more robust against corrupt files [bsc#1265935] [CVE-2026-9149]
* fix potential buffer overflow when verifying EdDSA signatures [bsc#1266039] [CVE-2026-48863]
* added limit checks in multiple places to catch overflows
* reduce the size of the language id cache
* fixed Debian canon selection
* fixed dbpath detection in repo_rpmdb_librpm
* reduced stack usage in repo page compression (needed for musl)
* Fixed in earlier release: [bsc#1265938] [CVE-2026-9150]
  * fix parsing of recommends in the old Mandriva synthesis format

libzypp was updated to 17.38.11:

* Fix potential crash on malformed or malicious repository metadata (fixes #740)
* Repometadata: discard entries referring to a location outside the repo (bsc#1259802, CVE-2026-25707)
  Mirroring those data locally would refer to a location outside the repo's local cache directory. Those data entries are reported and discarded.
* zypp.conf: Allow [env] section to add environment variables.
  This feature is designed to enable environment-specific settings or debugging options over an extended period. See zypp.conf(5).

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-739=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * libzypp-debuginfo-17.38.11-1.1
  * libsolv-tools-debuginfo-0.7.39-1.1
  * libsolv-tools-0.7.39-1.1
  * libsolv-debugsource-0.7.39-1.1
  * libzypp-debugsource-17.38.11-1.1
  * libsolv-tools-base-0.7.39-1.1
  * libsolv-tools-base-debuginfo-0.7.39-1.1
  * libzypp-17.38.11-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25707.html
* https://www.suse.com/security/cve/CVE-2026-48863.html
* https://www.suse.com/security/cve/CVE-2026-9149.html
* https://www.suse.com/security/cve/CVE-2026-9150.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259802
* https://bugzilla.suse.com/show_bug.cgi?id=1265935
* https://bugzilla.suse.com/show_bug.cgi?id=1265938
* https://bugzilla.suse.com/show_bug.cgi?id=1266039

Explore an important security update for libzypp and libsolv in SUSE Linux Micro 6.0 addressing four notable issues.
SUSE Linux Micro libzypp libsolv vulnerabilities security update.
Severity: Important. LinuxSecurity.com Team

An update that solves four vulnerabilities can now be installed.

# Security update for libzypp, libsolv

Announcement ID: SUSE-SU-2026:21992-1
Release Date: 2026-06-02T16:20:17Z
Rating: important

References:

* bsc#1259802
* bsc#1265935
* bsc#1265938
* bsc#1266039

Cross-References:

* CVE-2026-25707
* CVE-2026-48863
* CVE-2026-9149
* CVE-2026-9150

CVSS scores:

* CVE-2026-25707 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-48863 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48863 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-9149 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9149 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9150 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9150 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

## Description:

This update for libzypp, libsolv fixes the following issues:

libsolv was updated to 0.7.39.

* fix solv_chksum_free segfault when called with a NULL pointer
* made repo_add_solv more robust against corrupt files [bsc#1265935] [CVE-2026-9149]
* fix potential buffer overflow when verifying EdDSA signatures [bsc#1266039] [CVE-2026-48863]
* added limit checks in multiple places to catch overflows
* reduce the size of the language id cache
* fixed Debian canon selection
* fixed dbpath detection in repo_rpmdb_librpm
* reduced stack usage in repo page compression (needed for musl)
* fixed in earlier release: [bsc#1265938] [CVE-2026-9150]
  * fix parsing of recommends in the old Mandriva synthesis format

libzypp was updated to 17.38.11:

* Fix potential crash on malformed or malicious repository metadata (fixes #740)
* Repometadata: discard entries referring to a location outside the repo (bsc#1259802, CVE-2026-25707)
  Mirroring those data locally would refer to a location outside the repo's local cache directory. Those data entries are reported and discarded.
* zypp.conf: Allow [env] section to add environment variables.
  This feature is designed to enable environment-specific settings or debugging options over an extended period. See zypp.conf(5).

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-560=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libzypp-debuginfo-17.38.11-slfo.1.1_1.1
  * libsolv-tools-base-debuginfo-0.7.39-slfo.1.1_1.1
  * libsolv-debugsource-0.7.39-slfo.1.1_1.1
  * libsolv-tools-base-0.7.39-slfo.1.1_1.1
  * libzypp-debugsource-17.38.11-slfo.1.1_1.1
  * libzypp-17.38.11-slfo.1.1_1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25707.html
* https://www.suse.com/security/cve/CVE-2026-48863.html
* https://www.suse.com/security/cve/CVE-2026-9149.html
* https://www.suse.com/security/cve/CVE-2026-9150.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259802
* https://bugzilla.suse.com/show_bug.cgi?id=1265935
* https://bugzilla.suse.com/show_bug.cgi?id=1265938
* https://bugzilla.suse.com/show_bug.cgi?id=1266039

Install important security fix for SUSE libzypp and libsolv to resolve four vulnerabilities effectively.
SUSE Linux Micro 6.1 Security, libzypp Updates, libsolv Patches.
Severity: Important. LinuxSecurity.com Team

An update that solves one vulnerability and contains one feature can now be installed.

# Security update for libsolv, libzypp, zypper

Announcement ID: SUSE-SU-2026:21738-1
Release Date: 2026-05-21T09:23:01Z
Rating: important

References:

* bsc#1265223
* jsc#PED-11922

Cross-References:

* CVE-2026-44933

CVSS scores:

* CVE-2026-44933 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44933 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-44933 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44933 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

## Description:

This update for libsolv, libzypp, zypper fixes the following issues:

* CVE-2026-44933: prevent configured scripts from escaping the sigcheck directory (bsc#1265223)

Changes in libsolv:

* update to version 0.7.37:
  * fix parsing of sha512 checksums in debian repositories
  * improve speed of dirpool_add_dir making parsing of filelists.xml twice as fast
  * fix parsing of recommends in the old Mandriva synthesis format

Changes in libzypp:

* update to version 17.38.9:
  * Mandatory signature verification plugin support (jsc#PED-11922)

Changes in zypper:

* update to version 1.14.97:
  * Add --filter-version-change to zypper lu.
    Adds filtering by version change significance to reduce noise in update listings. Supports levels: rebuild (hides rebuild-only changes) and package (hides all release-only changes).

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-538=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * zypper-1.14.97-slfo.1.1_1.1
  * zypper-debugsource-1.14.97-slfo.1.1_1.1
  * libzypp-debugsource-17.38.9-slfo.1.1_1.1
  * libsolv-tools-base-debuginfo-0.7.37-slfo.1.1_1.1
  * libsolv-debugsource-0.7.37-slfo.1.1_1.1
  * libzypp-debuginfo-17.38.9-slfo.1.1_1.1
  * libzypp-17.38.9-slfo.1.1_1.1
  * zypper-debuginfo-1.14.97-slfo.1.1_1.1
  * libsolv-tools-base-0.7.37-slfo.1.1_1.1
* SUSE Linux Micro 6.1 (noarch)
  * zypper-needs-restarting-1.14.97-slfo.1.1_1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-44933.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265223
* https://jira.suse.com/browse/PED-11922

Update for SUSE Linux Micro addresses an important issue with libsolv and zypper, enhancing system security and integrity.
SUSE Linux Micro Update, libsolv security fix, zypper patch, important security issue, CVE-2026-44933.
Severity: Important. LinuxSecurity.com Team

MGAA-2026-0016 - Updated libsolv packages fix bug

Publication date: 26 Feb 2026
URL: https://advisories.mageia.org/MGAA-2026-0016.html
Type: bugfix
Affected Mageia releases: 9

Description:
The update includes a patch from Fedora which allows the production of metadata for python3-libsolv.

References:
- https://bugs.mageia.org/show_bug.cgi?id=35148
- https://bugzilla.redhat.com/show_bug.cgi?id=2252743

SRPMS:
- 9/core/libsolv-0.7.35-1.1.mga9

Fix for libsolv bug reported for Mageia release 9, ensuring stable functionality after update.
Mageia Security, libsolv Update, Bugfix Patch, Linux Security Advisory, Bug Resolution.
Severity: Informational. LinuxSecurity.com Team

Moderate: libsolv security update.

{'type': 'Security',
 'shortCode': 'RL',
 'name': 'RLSA-2021:4060',
 'synopsis': 'Moderate: libsolv security update',
 'severity': 'Moderate',
 'topic': 'An update for libsolv is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.',
 'description': 'The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.',
 'solution': None,
 'affectedProducts': ['Rocky Linux 8'],
 'fixes': ['2000699', '2000703', '2000705', '2000707'],
 'cves': ['Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33928.json:::CVE-2021-33928',
          'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33929.json:::CVE-2021-33929',
          'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33930.json:::CVE-2021-33930',
          'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33938.json:::CVE-2021-33938'],
 'references': [],
 'publishedAt': '2021-11-04T05:43:55.070706Z',
 'rpms': ['libsolv-0.7.16-3.el8_4.aarch64.rpm',
          'libsolv-0.7.16-3.el8_4.i686.rpm',
          'libsolv-0.7.16-3.el8_4.src.rpm',
          'libsolv-0.7.16-3.el8_4.x86_64.rpm',
          'libsolv-debuginfo-0.7.16-3.el8_4.aarch64.rpm',
          'libsolv-debuginfo-0.7.16-3.el8_4.i686.rpm',
          'libsolv-debuginfo-0.7.16-3.el8_4.x86_64.rpm',
          'libsolv-debugsource-0.7.16-3.el8_4.aarch64.rpm',
          'libsolv-debugsource-0.7.16-3.el8_4.i686.rpm',
          'libsolv-debugsource-0.7.16-3.el8_4.x86_64.rpm',
          'libsolv-demo-0.7.16-3.el8_4.aarch64.rpm',
          'libsolv-demo-0.7.16-3.el8_4.x86_64.rpm',
          'libsolv-demo-debuginfo-0.7.16-3.el8_4.aarch64.rpm',
          'libsolv-demo-debuginfo-0.7.16-3.el8_4.x86_64.rpm',
          'libsolv-devel-0.7.16-3.el8_4.aarch64.rpm',
          'libsolv-devel-0.7.16-3.el8_4.i686.rpm',
          'libsolv-devel-0.7.16-3.el8_4.x86_64.rpm',
          'libsolv-tools-0.7.16-3.el8_4.aarch64.rpm',
          'libsolv-tools-0.7.16-3.el8_4.x86_64.rpm',
          'libsolv-tools-debuginfo-0.7.16-3.el8_4.aarch64.rpm',
          'libsolv-tools-debuginfo-0.7.16-3.el8_4.x86_64.rpm',
          'perl-solv-0.7.16-3.el8_4.aarch64.rpm',
          'perl-solv-0.7.16-3.el8_4.x86_64.rpm',
          'perl-solv-debuginfo-0.7.16-3.el8_4.aarch64.rpm',
          'perl-solv-debuginfo-0.7.16-3.el8_4.x86_64.rpm',
          'python3-solv-0.7.16-3.el8_4.aarch64.rpm',
          'python3-solv-0.7.16-3.el8_4.x86_64.rpm',
          'python3-solv-debuginfo-0.7.16-3.el8_4.aarch64.rpm',
          'python3-solv-debuginfo-0.7.16-3.el8_4.x86_64.rpm',
          'ruby-solv-0.7.16-3.el8_4.aarch64.rpm',
          'ruby-solv-0.7.16-3.el8_4.x86_64.rpm',
          'ruby-solv-debuginfo-0.7.16-3.el8_4.aarch64.rpm',
          'ruby-solv-debuginfo-0.7.16-3.el8_4.x86_64.rpm']}

A significant maintenance patch for libsolv has been released for Rocky Linux 8. Discover the details regarding the enhancements and corrections implemented.
Rocky Linux 8, libsolv update, security patch, moderate advisory.
LinuxSecurity.com Team

An update that contains security fixes can now be installed.

openSUSE Security Update: Security update for libsolv, libzypp, zypper
______________________________________________________________________________

Announcement ID: openSUSE-SU-2022:1157-1
Rating: important
References: #1184501 #1194848 #1195999 #1196061 #1196317 #1196368 #1196514 #1196925 #1197134
Affected Products: openSUSE Leap Micro 5.2
______________________________________________________________________________

Description:

This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

- Harden package signature checks (bsc#1184501).

libsolv update to 0.7.22:

- reworked choice rule generation to cover more use cases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime

libzypp update to 17.30.0:

- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf patch resolver conflicts (bsc#1194848)

zypper update to 1.14.52:

- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
  zypper in -t patch openSUSE-Leap-Micro-5.2-2022-1157=1

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):
  libsolv-debuginfo-0.7.22-150200.12.1
  libsolv-debugsource-0.7.22-150200.12.1
  libsolv-tools-0.7.22-150200.12.1
  libsolv-tools-debuginfo-0.7.22-150200.12.1
  libzypp-17.30.0-150200.36.1
  libzypp-debuginfo-17.30.0-150200.36.1
  libzypp-debugsource-17.30.0-150200.36.1
  zypper-1.14.52-150200.30.2
  zypper-debuginfo-1.14.52-150200.30.2
  zypper-debugsource-1.14.52-150200.30.2
- openSUSE Leap Micro 5.2 (noarch):
  zypper-needs-restarting-1.14.52-150200.30.2

References:

https://bugzilla.suse.com/1184501
https://bugzilla.suse.com/1194848
https://bugzilla.suse.com/1195999
https://bugzilla.suse.com/1196061
https://bugzilla.suse.com/1196317
https://bugzilla.suse.com/1196368
https://bugzilla.suse.com/1196514
https://bugzilla.suse.com/1196925
https://bugzilla.suse.com/1197134

Recent updates to libsolv, libzypp, and zypper fix critical vulnerabilities and enhance installation processes, ensuring better user protection and streamlined management.
openSUSE Update, libsolv Security, zypper Patch, libzypp Fixes, Software Update.
Severity: Important. LinuxSecurity.com Team

An update that contains security fixes can now be installed.

SUSE Security Update: Security update for libsolv, libzypp, zypper
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:1157-2
Rating: important
References: #1184501 #1194848 #1195999 #1196061 #1196317 #1196368 #1196514 #1196925 #1197134
Affected Products: SUSE Linux Enterprise Micro 5.2
______________________________________________________________________________

Description:

This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

- Harden package signature checks (bsc#1184501).

libsolv update to 0.7.22:

- reworked choice rule generation to cover more use cases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime

libzypp update to 17.30.0:

- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf patch resolver conflicts (bsc#1194848)

zypper update to 1.14.52:

- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1157=1

Package List:

- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
  libsolv-debuginfo-0.7.22-150200.12.1
  libsolv-debugsource-0.7.22-150200.12.1
  libsolv-tools-0.7.22-150200.12.1
  libsolv-tools-debuginfo-0.7.22-150200.12.1
  libzypp-17.30.0-150200.36.1
  libzypp-debuginfo-17.30.0-150200.36.1
  libzypp-debugsource-17.30.0-150200.36.1
  zypper-1.14.52-150200.30.2
  zypper-debuginfo-1.14.52-150200.30.2
  zypper-debugsource-1.14.52-150200.30.2
- SUSE Linux Enterprise Micro 5.2 (noarch):
  zypper-needs-restarting-1.14.52-150200.30.2

References:

https://bugzilla.suse.com/1184501
https://bugzilla.suse.com/1194848
https://bugzilla.suse.com/1195999
https://bugzilla.suse.com/1196061
https://bugzilla.suse.com/1196317
https://bugzilla.suse.com/1196368
https://bugzilla.suse.com/1196514
https://bugzilla.suse.com/1196925
https://bugzilla.suse.com/1197134

SUSE Security Patch resolves critical vulnerabilities in libsolv, libzypp, and zypper to bolster overall system defense.
SUSE Security Update, Libsolv Security, Security Fixes, Package Management.
Severity: Important. LinuxSecurity.com Team

The container suse/sle15 was updated. The following patches have been included in this update:

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:615-1
Container Tags        : bci/bci-base:15.3 , bci/bci-base:15.3.17.11.26 , suse/sle15:15.3 , suse/sle15:15.3.17.11.26
Container Release     : 17.11.26
Severity              : important
Type                  : security
References            : 1184501 1191502 1193086 1194848 1195247 1195529 1195899 1195999 1196061 1196317 1196368 1196514 1196567 1196925 1197134 1197293 1198062 CVE-2022-1271
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1150-1
Released:    Mon Apr 11 17:34:19 2022
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
References:  1197293

This update for suse-build-key fixes the following issues:

No longer install 1024bit keys by default. (bsc#1197293)

- The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package.
- The old PTF (pre March 2022) key moved to documentation directory.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released:    Tue Apr 12 13:26:19 2022
Summary:     Security update for libsolv, libzypp, zypper
Type:        security
Severity:    important
References:  1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134

This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

- Harden package signature checks (bsc#1184501).

libsolv update to 0.7.22:

- reworked choice rule generation to cover more use cases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime

libzypp update to 17.30.0:

- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf patch resolver conflicts (bsc#1194848)

zypper update to 1.14.52:

- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released:    Tue Apr 12 14:44:43 2022
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1198062,CVE-2022-1271

This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released:    Tue Apr 12 18:20:07 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1191502,1193086,1195247,1195529,1195899,1196567

This update for systemd fixes the following issues:

- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)

The following package changes have been done:

- liblzma5-5.2.3-150000.4.7.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libsystemd0-246.16-150300.7.42.1 updated
- libudev1-246.16-150300.7.42.1 updated
- libzypp-17.30.0-150200.36.1 updated
- suse-build-key-12.0-150000.8.22.1 updated
- zypper-1.14.52-150200.30.2 updated

Upgraded suse/sle15 image with critical security enhancements and suggested patches addressing issues in libsolv and xz.
SUSE Container Update, suse/sle15, security update, libsolv, xz.
Severity: Important. LinuxSecurity.com Team