Oval Definition:oval:org.opensuse.security:def:100397
Revision Date:2022-04-12Version:1
Title: (Important)
Description:

This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

- Harden package signature checks (bsc#1184501).

libsolv update to 0.7.22:

- reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime

libzypp update to 17.30.0:

- ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848)

zypper update to 1.14.52:

- info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999)
Family:unixClass:patch
Status:Reference(s):1184501
1194848
1195999
1196061
1196317
1196368
1196514
1196925
1197134
CVE-2015-6496
Platform(s):Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • conntrack-tools-1.4.5-1.46 is installed
  • OR conntrackd-1.4.5-1.46 is installed
    • Definition Synopsis
  • Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM is installed
  • AND Package Information
  • libsolv-tools-0.7.22-150200.12.1 is installed
  • OR libzypp-17.30.0-150200.36.1 is installed
  • OR python3-solv-0.7.22-150200.12.1 is installed
  • OR ruby-solv-0.7.22-150200.12.1 is installed
  • OR zypper-1.14.52-150200.30.2 is installed
    • BACK