Oval Definition:oval:org.opensuse.security:def:111333
Revision Date:2021-01-14Version:1
Title:Security update for libzypp, zypper (Moderate)
Description:

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415)



This update was imported from the SUSE:SLE-15-SP2:Update update project.
Family:unixClass:patch
Status:Reference(s):1050625
1174016
1177238
1177275
1177427
1177583
1178910
1178966
1179083
1179222
1179415
1179909
CVE-2017-9271
openSUSE-SU-2021:0059-1
Platform(s):openSUSE Leap 15.2
Product(s):
Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • libzypp-17.25.5-lp152.2.16.1 is installed
  • OR libzypp-devel-17.25.5-lp152.2.16.1 is installed
  • OR libzypp-devel-doc-17.25.5-lp152.2.16.1 is installed
  • OR yast2-installation-4.2.48-lp152.2.12.1 is installed
  • OR zypper-1.14.41-lp152.2.12.1 is installed
  • OR zypper-aptitude-1.14.41-lp152.2.12.1 is installed
  • OR zypper-log-1.14.41-lp152.2.12.1 is installed
  • OR zypper-needs-restarting-1.14.41-lp152.2.12.1 is installed
    • BACK