OVAL Reference oval:org.opensuse.security:def:852

Oval Definition:

oval:org.opensuse.security:def:852

Revision Date:	2022-04-12	Version:	1
Title:	Security update for libsolv, libzypp, zypper (Important)
Description:	This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999)
Family:	unix	Class:	patch
Status:		Reference(s):	1184501 1194848 1195999 1196061 1196317 1196368 1196514 1196925 1197134 CVE-2009-3736 CVE-2009-3736 CVE-2017-12837 CVE-2017-12883 CVE-2018-12015 CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 SUSE-SU-2022:1157-1
Platform(s):	openSUSE 13.2 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise for SAP 12 SP1 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Module for additional PackageHub packages 15 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Package Hub for SUSE Linux Enterprise 12 SUSE Package Hub for SUSE Linux Enterprise 12 SP1	Product(s):
Definition Synopsis
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND Package Information openstack-cinder-2014.2.3.dev13-1 is installed OR openstack-cinder-volume-2014.2.3.dev13-1 is installed OR python-cinder-2014.2.3.dev13-1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-1 is installed OR aaa_base-extras-13.2+git20140911.61c1681-1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND argyllcms-1.6.3-1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND drm-kmp-default-4.9.33_k4.4.73_5-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND Package Information perl-5.26.1-7.9.1 is installed OR perl-base-5.26.1-7.9.1 is installed OR perl-base-32bit-5.26.1-7.9.1 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Desktop 15 SP3 is installed OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed OR SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed OR SUSE Linux Enterprise Server 15 SP3 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed OR SUSE Linux Enterprise Storage 7.1 is installed OR SUSE Manager Proxy 4.2 is installed OR SUSE Manager Retail Branch Server 4.2 is installed OR SUSE Manager Server 4.2 is installed AND Package Information libsolv-devel-0.7.22-150200.12.1 is installed OR libsolv-tools-0.7.22-150200.12.1 is installed OR libzypp-17.30.0-150200.36.1 is installed OR libzypp-devel-17.30.0-150200.36.1 is installed OR python3-solv-0.7.22-150200.12.1 is installed OR ruby-solv-0.7.22-150200.12.1 is installed OR zypper-1.14.52-150200.30.2 is installed OR zypper-log-1.14.52-150200.30.2 is installed OR zypper-needs-restarting-1.14.52-150200.30.2 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 15 is installed AND Package Information drbd-9.0.13+git.b83ade31-3.2 is installed OR drbd-kmp-default-9.0.13+git.b83ade31_k4.12.14_23-3.2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed AND tiff-4.0.9-5.17 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND Package Information perl-5.26.1-7.9 is installed OR perl-base-5.26.1-7.9 is installed OR perl-base-32bit-5.26.1-7.9 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information bluez-5.48-5.13 is installed OR bluez-devel-5.48-5.13 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Development Tools 15 is installed AND libtool-32bit-2.4.6-1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 15 is installed AND Package Information java-1_8_0-openjdk-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-demo-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-devel-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-headless-1.8.0.171-3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-25_3-default-2-2 is installed OR kernel-livepatch-SLE15_Update_1-2-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND Package Information zeromq-4.2.3-3.8 is installed OR zeromq-tools-4.2.3-3.8 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information openslp-2.0.0-6.3 is installed OR openslp-server-2.0.0-6.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 is installed AND Package Information dracut-037-34.4 is installed OR dracut-fips-037-34.4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information file-5.19-9.1 is installed OR file-magic-5.19-9.1 is installed OR libmagic1-5.19-9.1 is installed OR libmagic1-32bit-5.19-9.1 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information MozillaThunderbird-52.9.1-3.7 is installed OR MozillaThunderbird-devel-52.9.1-3.7 is installed OR MozillaThunderbird-translations-common-52.9.1-3.7 is installed OR MozillaThunderbird-translations-other-52.9.1-3.7 is installed
Definition Synopsis
SUSE Package Hub for SUSE Linux Enterprise 12 is installed AND Package Information chromedriver-53.0.2785.89-96 is installed OR chromium-53.0.2785.89-96 is installed OR chromium-desktop-gnome-53.0.2785.89-96 is installed OR chromium-desktop-kde-53.0.2785.89-96 is installed OR chromium-ffmpegsumo-53.0.2785.89-96 is installed
Definition Synopsis
SUSE Package Hub for SUSE Linux Enterprise 12 SP1 is installed AND Package Information kinit-5.20.0-5 is installed OR kinit-devel-5.20.0-5 is installed OR kinit-lang-5.20.0-5 is installed

BACK