SUSE-SU-2020:0087-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2020/suse-su-20200087-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0087-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:0087-1
Related
Published
2020-01-13T13:12:48Z
Modified
2025-05-02T04:09:06.317484Z
Upstream
Summary
Security update for libsolv, libzypp, zypper
Details

This update for libsolv, libzypp, zypper fixes the following issues:

Security issue fixed:

  • CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).

Bug fixes

  • Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819).
  • Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198).
  • Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678).
  • Load only target resolvables for zypper rm (bsc#1157377).
  • Fix broken search by filelist (bsc#1135114).
  • Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158).
  • Do not sort out requested locales which are not available (bsc#1155678).
  • Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805).
  • XML add patch issue-date and issue-list (bsc#1154805).
  • Fix zypper lp --cve/bugzilla/issue options (bsc#1155298).
  • Always execute commit when adding/removing locales (fixes bsc#1155205).
  • Fix description of --table-style,-s in man page (bsc#1154804).
References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 / libsolv

Package

Name
libsolv
Purl
pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.10-3.22.1

Ecosystem specific 

{
    "binaries": [
        {
            "zypper": "1.14.33-3.29.1",
            "libzypp": "17.19.0-3.34.1",
            "python-solv": "0.7.10-3.22.1",
            "libsolv-devel": "0.7.10-3.22.1",
            "zypper-log": "1.14.33-3.29.1",
            "libsolv-tools": "0.7.10-3.22.1",
            "libzypp-devel": "17.19.0-3.34.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 / libzypp

Package

Name
libzypp
Purl
pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.19.0-3.34.1

Ecosystem specific 

{
    "binaries": [
        {
            "zypper": "1.14.33-3.29.1",
            "libzypp": "17.19.0-3.34.1",
            "python-solv": "0.7.10-3.22.1",
            "libsolv-devel": "0.7.10-3.22.1",
            "zypper-log": "1.14.33-3.29.1",
            "libsolv-tools": "0.7.10-3.22.1",
            "libzypp-devel": "17.19.0-3.34.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 / zypper

Package

Name
zypper
Purl
pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.14.33-3.29.1

Ecosystem specific 

{
    "binaries": [
        {
            "zypper": "1.14.33-3.29.1",
            "libzypp": "17.19.0-3.34.1",
            "python-solv": "0.7.10-3.22.1",
            "libsolv-devel": "0.7.10-3.22.1",
            "zypper-log": "1.14.33-3.29.1",
            "libsolv-tools": "0.7.10-3.22.1",
            "libzypp-devel": "17.19.0-3.34.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 / libsolv

Package

Name
libsolv
Purl
pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.10-3.22.1

Ecosystem specific 

{
    "binaries": [
        {
            "python3-solv": "0.7.10-3.22.1",
            "ruby-solv": "0.7.10-3.22.1",
            "perl-solv": "0.7.10-3.22.1"
        }
    ]
}