Test ID: 1.3.6.1.4.1.25623.1.0.852022
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for libzypp (openSUSE-SU-2018:2739-1)
Summary: The remote host is missing an update for the 'libzypp' package(s) announced via the openSUSE-SU-2018:2739-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'libzypp'
package(s) announced via the openSUSE-SU-2018:2739-1 advisory.

Vulnerability Insight:
This update for libzypp, zypper, libsolv provides the following fixes:

Security fixes in libzypp:

- CVE-2018-7685: PackageProvider: Validate RPMs before caching
(bsc#1091624, bsc#1088705)

- CVE-2017-9269: Be sure bad packages do not stay in the cache
(bsc#1045735)

Changes in libzypp:

- Update to version 17.6.4

- Automatically fetch repository signing key from gpgkey url (bsc#1088037)

- lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304)

- Check for not imported keys after multi key import from rpmdb
(bsc#1096217)

- Flags: make it std=c++14 ready

- Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617)

- Show GPGME version in log

- Adapt to changes in libgpgme11-11.1.0 breaking the signature
verification (bsc#1100427)

- RepoInfo::provideKey: add report telling where we look for missing keys.

- Support listing gpgkey URLs in repo files (bsc#1088037)

- Add new report to request user approval for importing a package key

- Handle http error 502 Bad Gateway in curl backend (bsc#1070851)

- Add filesize check for downloads with known size (bsc#408814)

- Removed superfluous space in translation (bsc#1102019)

- Prevent the system from sleeping during a commit

- RepoManager: Explicitly request repo2solv to generate application pseudo
packages.

- libzypp-devel should not require cmake (bsc#1101349)

- Avoid zombies from ExternalProgram

- Update ApiConfig

- HardLocksFile: Prevent against empty commit without Target having been
loaded (bsc#1096803)

- lsof: use '-K i' if lsof supports it (bsc#1099847)

- Add filesize check for downloads with known size (bsc#408814)

- Fix detection of metalink downloads and prevent aborting if a metalink
file is larger than the expected data file.

- Require libsolv-devel = 0.6.35 during build (fixing bsc#1100095)

- Make use of %license macro (bsc#1082318)

Security fix in zypper:

- CVE-2017-9269: Improve signature check callback messages (bsc#1045735)

Changes in zypper:

- Always set error status if any nr of unknown repositories are passed to
lr and ref (bsc#1093103)

- Notify user about unsupported rpm V3 keys in an old rpm database
(bsc#1096217)

- Detect read only filesystem on system modifying operations (fixes #199)

- Use %license (bsc#1082318)

- Handle repo aliases containing multiple ':' in the PackageArgs parser
(bsc #1041178)

- Fix broken display of detailed query results.

- Fix broken search for items with a dash. (bsc#907538, bsc#1043166,
bsc#1070770)

- Disable repository operations when searching installed packages.
(bsc#1084525)
...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
libzypp, on openSUSE Leap 15.0.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-9269
SuSE Security Announcement: SUSE-SU-2017:2040
https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-7685
http://lists.suse.com/pipermail/sle-security-updates/2018-August/004510.html
https://www.suse.com/de-de/security/cve/CVE-2018-7685/
Copyright: Copyright (C) 2018 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.