SUSE-RU-2019:2742-1
- Source
- https://www.suse.com/support/update/announcement/2019/suse-ru-20192742-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2019:2742-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-RU-2019:2742-1
- Related
- Published
- 2019-10-22T13:40:42Z
- Modified
- 2019-10-22T13:40:42Z
- Summary
- Recommended update for libzypp, zypper, libsolv and PackageKit
- Details
-
This update for libzypp, zypper, libsolv and PackageKit fixes the following issues:
Security issues fixed in libsolv:
- CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629).
- CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcasestr2depcomplex) in libsolvext.a (bsc#1120630).
- CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631).
Other issues addressed in libsolv:
- Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749).
- Fixed an issue with the package name (bsc#1131823).
- repoaddrpmdb: do not copy bad solvables from the old solv file
- Fixed an issue with cleandeps updates in which all packages were not updated
- Experimental DISTTYPECONDA and RELCONDA support
- Fixed cleandeps jobs when using patterns (bsc#1137977)
- Fixed favorq leaking between solver runs if the solver is reused
- Fixed SOLVERFLAGFOCUS_BEST updateing packages without reason
- Be more correct with multiversion packages that obsolete their own name (bnc#1127155)
- Fix repository priority handling for multiversion packages
- Make code compatible with swig 4.0, remove obj0 instances
- repo2solv: support zchunk compressed data
- Remove NOBRPSTRIP_DEBUG=true as brp-15-strip-debug will not strip debug info for archives
Issues fixed in libzypp:
- Fix empty metalink downloads if filesize is unknown (bsc#1153557)
- Recognize riscv64 as architecture
- Fix installation of new header file (fixes #185)
- zypp.conf: Introduce
solver.focusto define the resolvers general attitude when resolving jobs. (bsc#1146415) - New container detection algorithm for zypper ps (bsc#1146947)
- Fix leaking filedescriptors in MediaCurl. (bsc#1116995)
- Run file conflict check on dry-run. (bsc#1140039)
- Do not remove orphan products if the .prod file is owned by a package. (bsc#1139795)
- Rephrase file conflict check summary. (bsc#1140039)
- Fix bash completions option detection. (bsc#1049825)
- Fixes a bug where zypper exited on SIGPIPE when downloading packages (bsc#1145521)
- Fixes an issue where zypper exited with a segmentation fault when updating via YaST2 (bsc#1146027)
- PublicKey::algoName: supply key algorithm and length
Issues fixed in zypper:
- Update to version 1.14.30
- Ignore SIGPIPE while STDOUT/STDERR are OK (bsc#1145521)
- Dump stacktrace on SIGPIPE (bsc#1145521)
- info: The requested info must be shown in QUIET mode (fixes #287)
- Fix local/remote url classification.
- Rephrase file conflict check summary (bsc#1140039)
- Fix bash completions option detection (bsc#1049825)
- man: split '--with[out]' like options to ease searching.
- Unhided 'ps' command in help
- Added option to show more conflict information
- Rephrased
zypper pshint (bsc#859480) - Fixed repo refresh not returning 106-ZYPPEREXITINFREPOSSKIPPED if --root is used (bsc#1134226)
- Fixed unknown package handling in zypper install (bsc#1127608)
- Re-show progress bar after pressing retry upon install error (bsc#1131113)
Issues fixed in PackageKit:
- Port the cron configuration variables to the systemd timer script, and add -sendwait parameter to mail in the script(bsc#1130306).
- References
-
- https://www.suse.com/support/update/announcement/-2019-2742/suse-ru-20192742-1/
- https://bugzilla.suse.com/1049825
- https://bugzilla.suse.com/1116995
- https://bugzilla.suse.com/1120629
- https://bugzilla.suse.com/1120630
- https://bugzilla.suse.com/1120631
- https://bugzilla.suse.com/1127155
- https://bugzilla.suse.com/1127608
- https://bugzilla.suse.com/1130306
- https://bugzilla.suse.com/1131113
- https://bugzilla.suse.com/1131823
- https://bugzilla.suse.com/1134226
- https://bugzilla.suse.com/1135749
- https://bugzilla.suse.com/1137977
- https://bugzilla.suse.com/1139795
- https://bugzilla.suse.com/1140039
- https://bugzilla.suse.com/1145521
- https://bugzilla.suse.com/1146027
- https://bugzilla.suse.com/1146415
- https://bugzilla.suse.com/1146947
- https://bugzilla.suse.com/1153557
- https://bugzilla.suse.com/859480
- https://www.suse.com/security/cve/CVE-2018-20532
- https://www.suse.com/security/cve/CVE-2018-20533
- https://www.suse.com/security/cve/CVE-2018-20534
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP1 / libsolv
Package
- Name
- libsolv
- Purl
- pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.7.6-3.7.2
Ecosystem specific
{
"binaries": [
{
"yast2-pkg-bindings": "4.1.2-3.3.5",
"libsolv-tools": "0.7.6-3.7.2",
"libyui-qt-pkg-doc": "2.45.27-3.3.3",
"libzypp": "17.15.0-3.9.1",
"zypper": "1.14.30-3.7.2",
"libsolv-devel": "0.7.6-3.7.2",
"zypper-log": "1.14.30-3.7.2",
"python3-solv": "0.7.6-3.7.2",
"libyui-ncurses-pkg-devel": "2.48.9-7.3.5",
"libyui-ncurses-pkg9": "2.48.9-7.3.5",
"libyui-qt-pkg9": "2.45.27-3.3.5",
"libyui-ncurses-pkg-doc": "2.48.9-7.3.3",
"zypper-needs-restarting": "1.14.30-3.7.2",
"libzypp-devel": "17.15.0-3.9.1"
}
]
}
SUSE:Linux Enterprise Module for Basesystem 15 SP1 / libyui-ncurses-pkg
Package
- Name
- libyui-ncurses-pkg
- Purl
- pkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.9-7.3.5
Ecosystem specific
{
"binaries": [
{
"yast2-pkg-bindings": "4.1.2-3.3.5",
"libsolv-tools": "0.7.6-3.7.2",
"libyui-qt-pkg-doc": "2.45.27-3.3.3",
"libzypp": "17.15.0-3.9.1",
"zypper": "1.14.30-3.7.2",
"libsolv-devel": "0.7.6-3.7.2",
"zypper-log": "1.14.30-3.7.2",
"python3-solv": "0.7.6-3.7.2",
"libyui-ncurses-pkg-devel": "2.48.9-7.3.5",
"libyui-ncurses-pkg9": "2.48.9-7.3.5",
"libyui-qt-pkg9": "2.45.27-3.3.5",
"libyui-ncurses-pkg-doc": "2.48.9-7.3.3",
"zypper-needs-restarting": "1.14.30-3.7.2",
"libzypp-devel": "17.15.0-3.9.1"
}
]
}
SUSE:Linux Enterprise Module for Basesystem 15 SP1 / libyui-ncurses-pkg-doc
Package
- Name
- libyui-ncurses-pkg-doc
- Purl
- pkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.9-7.3.3
Ecosystem specific
{
"binaries": [
{
"yast2-pkg-bindings": "4.1.2-3.3.5",
"libsolv-tools": "0.7.6-3.7.2",
"libyui-qt-pkg-doc": "2.45.27-3.3.3",
"libzypp": "17.15.0-3.9.1",
"zypper": "1.14.30-3.7.2",
"libsolv-devel": "0.7.6-3.7.2",
"zypper-log": "1.14.30-3.7.2",
"python3-solv": "0.7.6-3.7.2",
"libyui-ncurses-pkg-devel": "2.48.9-7.3.5",
"libyui-ncurses-pkg9": "2.48.9-7.3.5",
"libyui-qt-pkg9": "2.45.27-3.3.5",
"libyui-ncurses-pkg-doc": "2.48.9-7.3.3",
"zypper-needs-restarting": "1.14.30-3.7.2",
"libzypp-devel": "17.15.0-3.9.1"
}
]
}
SUSE:Linux Enterprise Module for Basesystem 15 SP1 / libyui-qt-pkg
Package
- Name
- libyui-qt-pkg
- Purl
- pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.45.27-3.3.5
Ecosystem specific
{
"binaries": [
{
"yast2-pkg-bindings": "4.1.2-3.3.5",
"libsolv-tools": "0.7.6-3.7.2",
"libyui-qt-pkg-doc": "2.45.27-3.3.3",
"libzypp": "17.15.0-3.9.1",
"zypper": "1.14.30-3.7.2",
"libsolv-devel": "0.7.6-3.7.2",
"zypper-log": "1.14.30-3.7.2",
"python3-solv": "0.7.6-3.7.2",
"libyui-ncurses-pkg-devel": "2.48.9-7.3.5",
"libyui-ncurses-pkg9": "2.48.9-7.3.5",
"libyui-qt-pkg9": "2.45.27-3.3.5",
"libyui-ncurses-pkg-doc": "2.48.9-7.3.3",
"zypper-needs-restarting": "1.14.30-3.7.2",
"libzypp-devel": "17.15.0-3.9.1"
}
]
}
SUSE:Linux Enterprise Module for Basesystem 15 SP1 / libyui-qt-pkg-doc
Package
- Name
- libyui-qt-pkg-doc
- Purl
- pkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.45.27-3.3.3
Ecosystem specific
{
"binaries": [
{
"yast2-pkg-bindings": "4.1.2-3.3.5",
"libsolv-tools": "0.7.6-3.7.2",
"libyui-qt-pkg-doc": "2.45.27-3.3.3",
"libzypp": "17.15.0-3.9.1",
"zypper": "1.14.30-3.7.2",
"libsolv-devel": "0.7.6-3.7.2",
"zypper-log": "1.14.30-3.7.2",
"python3-solv": "0.7.6-3.7.2",
"libyui-ncurses-pkg-devel": "2.48.9-7.3.5",
"libyui-ncurses-pkg9": "2.48.9-7.3.5",
"libyui-qt-pkg9": "2.45.27-3.3.5",
"libyui-ncurses-pkg-doc": "2.48.9-7.3.3",
"zypper-needs-restarting": "1.14.30-3.7.2",
"libzypp-devel": "17.15.0-3.9.1"
}
]
}
SUSE:Linux Enterprise Module for Basesystem 15 SP1 / libzypp
Package
- Name
- libzypp
- Purl
- pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed17.15.0-3.9.1
Ecosystem specific
{
"binaries": [
{
"yast2-pkg-bindings": "4.1.2-3.3.5",
"libsolv-tools": "0.7.6-3.7.2",
"libyui-qt-pkg-doc": "2.45.27-3.3.3",
"libzypp": "17.15.0-3.9.1",
"zypper": "1.14.30-3.7.2",
"libsolv-devel": "0.7.6-3.7.2",
"zypper-log": "1.14.30-3.7.2",
"python3-solv": "0.7.6-3.7.2",
"libyui-ncurses-pkg-devel": "2.48.9-7.3.5",
"libyui-ncurses-pkg9": "2.48.9-7.3.5",
"libyui-qt-pkg9": "2.45.27-3.3.5",
"libyui-ncurses-pkg-doc": "2.48.9-7.3.3",
"zypper-needs-restarting": "1.14.30-3.7.2",
"libzypp-devel": "17.15.0-3.9.1"
}
]
}
SUSE:Linux Enterprise Module for Basesystem 15 SP1 / yast2-pkg-bindings
Package
- Name
- yast2-pkg-bindings
- Purl
- pkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.1.2-3.3.5
Ecosystem specific
{
"binaries": [
{
"yast2-pkg-bindings": "4.1.2-3.3.5",
"libsolv-tools": "0.7.6-3.7.2",
"libyui-qt-pkg-doc": "2.45.27-3.3.3",
"libzypp": "17.15.0-3.9.1",
"zypper": "1.14.30-3.7.2",
"libsolv-devel": "0.7.6-3.7.2",
"zypper-log": "1.14.30-3.7.2",
"python3-solv": "0.7.6-3.7.2",
"libyui-ncurses-pkg-devel": "2.48.9-7.3.5",
"libyui-ncurses-pkg9": "2.48.9-7.3.5",
"libyui-qt-pkg9": "2.45.27-3.3.5",
"libyui-ncurses-pkg-doc": "2.48.9-7.3.3",
"zypper-needs-restarting": "1.14.30-3.7.2",
"libzypp-devel": "17.15.0-3.9.1"
}
]
}
SUSE:Linux Enterprise Module for Basesystem 15 SP1 / zypper
Package
- Name
- zypper
- Purl
- pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.14.30-3.7.2
Ecosystem specific
{
"binaries": [
{
"yast2-pkg-bindings": "4.1.2-3.3.5",
"libsolv-tools": "0.7.6-3.7.2",
"libyui-qt-pkg-doc": "2.45.27-3.3.3",
"libzypp": "17.15.0-3.9.1",
"zypper": "1.14.30-3.7.2",
"libsolv-devel": "0.7.6-3.7.2",
"zypper-log": "1.14.30-3.7.2",
"python3-solv": "0.7.6-3.7.2",
"libyui-ncurses-pkg-devel": "2.48.9-7.3.5",
"libyui-ncurses-pkg9": "2.48.9-7.3.5",
"libyui-qt-pkg9": "2.45.27-3.3.5",
"libyui-ncurses-pkg-doc": "2.48.9-7.3.3",
"zypper-needs-restarting": "1.14.30-3.7.2",
"libzypp-devel": "17.15.0-3.9.1"
}
]
}
SUSE:Linux Enterprise Module for Desktop Applications 15 SP1 / PackageKit
Package
- Name
- PackageKit
- Purl
- pkg:rpm/suse/PackageKit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.1.10-12.3.5
Ecosystem specific
{
"binaries": [
{
"PackageKit-devel": "1.1.10-12.3.5",
"PackageKit-backend-zypp": "1.1.10-12.3.5",
"libpackagekit-glib2-devel": "1.1.10-12.3.5",
"PackageKit": "1.1.10-12.3.5",
"libpackagekit-glib2-18": "1.1.10-12.3.5",
"PackageKit-lang": "1.1.10-12.3.5",
"libyui-qt-pkg-devel": "2.45.27-3.3.5",
"typelib-1_0-PackageKitGlib-1_0": "1.1.10-12.3.5"
}
]
}
SUSE:Linux Enterprise Module for Desktop Applications 15 SP1 / libyui-qt-pkg
Package
- Name
- libyui-qt-pkg
- Purl
- pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.45.27-3.3.5
Ecosystem specific
{
"binaries": [
{
"PackageKit-devel": "1.1.10-12.3.5",
"PackageKit-backend-zypp": "1.1.10-12.3.5",
"libpackagekit-glib2-devel": "1.1.10-12.3.5",
"PackageKit": "1.1.10-12.3.5",
"libpackagekit-glib2-18": "1.1.10-12.3.5",
"PackageKit-lang": "1.1.10-12.3.5",
"libyui-qt-pkg-devel": "2.45.27-3.3.5",
"typelib-1_0-PackageKitGlib-1_0": "1.1.10-12.3.5"
}
]
}
SUSE:Linux Enterprise Module for Development Tools 15 SP1 / libsolv
Package
- Name
- libsolv
- Purl
- pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1
SUSE:Linux Enterprise Module for Package Hub 15 SP1 / libsolv
Package
- Name
- libsolv
- Purl
- pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1