SUSE-SU-2020:1296-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2020/suse-su-20201296-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:1296-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:1296-1
Related
  • CVE-2019-18905
Published
2020-05-18T05:42:00Z
Modified
2025-05-02T04:09:07.353765Z
Upstream
  • CVE-2019-18905
Summary
Security update for autoyast2
Details

This update for autoyast2 to version 4.1.15 fixes the following issues:

Security issue fixed:

  • CVE-2019-18905: Removed all '--gpg-auto-import-keys' options from zypper commands (bsc#1140711).

Non-security issue fixed:

  • Fix desktop files updating some icons and groups (bsc#1168123).
  • Restored some missing icons (bsc#1168123, bsc#1109310 and bsc#1168281).
  • Service for init scripts: Try to start 'network-online.target' before starting the autoyast init scripts in order to get a working network (bsc#1164105).
  • Always re-probe storage after pre-scripts (bsc#1170082, bsc#1133045).
References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP1 / autoyast2

Package

Name
autoyast2
Purl
pkg:rpm/suse/autoyast2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.15-3.13.1

Ecosystem specific 

{
    "binaries": [
        {
            "autoyast2": "4.1.15-3.13.1",
            "autoyast2-installation": "4.1.15-3.13.1"
        }
    ]
}