OESA-2026-2467

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2467
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2467.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2467
Upstream
Published
2026-05-29T13:33:29Z
Modified
2026-05-29T13:45:17.286458455Z
Summary
libsolv security update
Details

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks:

Security Fix(es):

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted .solv file containing negative size values in the repo_add_solv function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).(CVE-2026-9149)

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.(CVE-2026-9150)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:22.03-LTS-SP4 / libsolv

Package

Name
libsolv
Purl
pkg:rpm/openEuler/libsolv&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.22-4.oe2203sp4

Ecosystem specific

{
    "src": [
        "libsolv-0.7.22-4.oe2203sp4.src.rpm"
    ],
    "x86_64": [
        "libsolv-0.7.22-4.oe2203sp4.x86_64.rpm",
        "libsolv-debuginfo-0.7.22-4.oe2203sp4.x86_64.rpm",
        "libsolv-debugsource-0.7.22-4.oe2203sp4.x86_64.rpm",
        "libsolv-demo-0.7.22-4.oe2203sp4.x86_64.rpm",
        "libsolv-devel-0.7.22-4.oe2203sp4.x86_64.rpm",
        "libsolv-tools-0.7.22-4.oe2203sp4.x86_64.rpm",
        "perl-solv-0.7.22-4.oe2203sp4.x86_64.rpm",
        "python3-solv-0.7.22-4.oe2203sp4.x86_64.rpm",
        "ruby-solv-0.7.22-4.oe2203sp4.x86_64.rpm"
    ],
    "noarch": [
        "libsolv-help-0.7.22-4.oe2203sp4.noarch.rpm"
    ],
    "aarch64": [
        "libsolv-0.7.22-4.oe2203sp4.aarch64.rpm",
        "libsolv-debuginfo-0.7.22-4.oe2203sp4.aarch64.rpm",
        "libsolv-debugsource-0.7.22-4.oe2203sp4.aarch64.rpm",
        "libsolv-demo-0.7.22-4.oe2203sp4.aarch64.rpm",
        "libsolv-devel-0.7.22-4.oe2203sp4.aarch64.rpm",
        "libsolv-tools-0.7.22-4.oe2203sp4.aarch64.rpm",
        "perl-solv-0.7.22-4.oe2203sp4.aarch64.rpm",
        "python3-solv-0.7.22-4.oe2203sp4.aarch64.rpm",
        "ruby-solv-0.7.22-4.oe2203sp4.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2467.json"