Oval Definition:oval:org.opensuse.security:def:101583
Revision Date:2022-04-12Version:1
Title:Security update for libsolv, libzypp, zypper (Important)
Description:

This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

- Harden package signature checks (bsc#1184501).

libsolv update to 0.7.22:

- reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime

libzypp update to 17.30.0:

- ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848)

zypper update to 1.14.52:

- info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999)
Family:unixClass:patch
Status:Reference(s):1149032
1152489
1153274
1154353
1155518
1160634
1166146
1166166
1167030
1167773
1170139
1171073
1171558
1172873
1173504
1174852
1175306
1175918
1176109
1176180
1176200
1176481
1176586
1176855
1176983
1177066
1177070
1177353
1177397
1177577
1177666
1177703
1177820
1178123
1178182
1178227
1178286
1178304
1178330
1178393
1178401
1178426
1178461
1178579
1178581
1178584
1178585
1178589
1178635
1178653
1178659
1178661
1178669
1178686
1178740
1178755
1178762
1178838
1178853
1178886
1179001
1179012
1179014
1179015
1179045
1179076
1179082
1179107
1179140
1179141
1179160
1179201
1179211
1179217
1179225
1179419
1179424
1179425
1179426
1179427
1179429
1179432
1179442
1179550
1184501
1194848
1195999
1196061
1196317
1196368
1196514
1196925
1197134
CVE-2020-15436
CVE-2020-15437
CVE-2020-25668
CVE-2020-25669
CVE-2020-25704
CVE-2020-27777
CVE-2020-28915
CVE-2020-28941
CVE-2020-28974
CVE-2020-29369
CVE-2020-29371
CVE-2020-4788
SUSE-SU-2022:1157-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Development Tools 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
  • AND Package Information
  • kernel-docs-5.3.18-24.43.2 is installed
  • OR kernel-obs-build-5.3.18-24.43.2 is installed
  • OR kernel-preempt-devel-5.3.18-24.43.2 is installed
  • OR kernel-source-5.3.18-24.43.2 is installed
  • OR kernel-syms-5.3.18-24.43.2 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP3 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Storage 7.1 is installed
  • OR SUSE Manager Proxy 4.2 is installed
  • OR SUSE Manager Retail Branch Server 4.2 is installed
  • OR SUSE Manager Server 4.2 is installed
  • AND Package Information
  • libsolv-devel-0.7.22-150200.12.1 is installed
  • OR libsolv-tools-0.7.22-150200.12.1 is installed
  • OR libzypp-17.30.0-150200.36.1 is installed
  • OR libzypp-devel-17.30.0-150200.36.1 is installed
  • OR python3-solv-0.7.22-150200.12.1 is installed
  • OR ruby-solv-0.7.22-150200.12.1 is installed
  • OR zypper-1.14.52-150200.30.2 is installed
  • OR zypper-log-1.14.52-150200.30.2 is installed
  • OR zypper-needs-restarting-1.14.52-150200.30.2 is installed
    • BACK