SUSE-SU-2019:2265-1

Published: 02 Sep 2019
Source: suse-cvrf

Description

Security update for libsolv, libzypp, zypper

This update for libsolv, libzypp and zypper fixes the following issues:

libsolv was updated to version 0.6.36 and fixes the following issues:

Security issues fixed:

  • CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629).
  • CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630).
  • CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631).

Non-security issues fixed:

  • Made cleandeps jobs on patterns work (bsc#1137977).
  • Fixed an issue with multiversion packages that obsolete their own name (bsc#1127155).
  • Keep consistent package name if there are multiple alternatives (bsc#1131823).

Fixes for libzypp:

  • Fixes a bug where locking the kernel was not possible (bsc#1113296)
  • Fixes a file descriptor leak (bsc#1116995)
  • Will now run file conflict check on dry-run (best with download-only) (bsc#1140039)

Fixes for zypper:

  • Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226)
  • Improved the displaying of locks (bsc#1112911)
  • Fixes an issue where HTTPS repository URLs caused an error prompt to appear twice (bsc#1110542)
  • zypper will now always warn when no repositories are defined (bsc#1109893)
  • Fixes bash completion option detection (bsc#1049825)

Package list

HPE Helion OpenStack 8
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
perl-solv-0.6.36-2.27.19.8
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2
SUSE Enterprise Storage 4
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
perl-solv-0.6.36-2.27.19.8
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2
SUSE Enterprise Storage 5
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
perl-solv-0.6.36-2.27.19.8
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2
SUSE Linux Enterprise Desktop 12 SP4
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2
SUSE Linux Enterprise Server 12 SP2-BCL
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
perl-solv-0.6.36-2.27.19.8
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2
SUSE Linux Enterprise Server 12 SP2-LTSS
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
perl-solv-0.6.36-2.27.19.8
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2
SUSE Linux Enterprise Server 12 SP3-BCL
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
perl-solv-0.6.36-2.27.19.8
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2
SUSE Linux Enterprise Server 12 SP3-LTSS
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
perl-solv-0.6.36-2.27.19.8
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2
SUSE Linux Enterprise Server 12 SP4
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
perl-solv-0.6.36-2.27.19.8
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
perl-solv-0.6.36-2.27.19.8
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
perl-solv-0.6.36-2.27.19.8
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
perl-solv-0.6.36-2.27.19.8
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2
SUSE OpenStack Cloud 7
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
perl-solv-0.6.36-2.27.19.8
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2
SUSE OpenStack Cloud 8
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
perl-solv-0.6.36-2.27.19.8
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2
SUSE OpenStack Cloud Crowbar 8
libsolv-tools-0.6.36-2.27.19.8
libzypp-16.20.2-27.60.4
perl-solv-0.6.36-2.27.19.8
python-solv-0.6.36-2.27.19.8
zypper-1.13.54-18.40.2
zypper-log-1.13.54-18.40.2

Description

There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.


Affected products
HPE Helion OpenStack 8:libsolv-tools-0.6.36-2.27.19.8
HPE Helion OpenStack 8:libzypp-16.20.2-27.60.4
HPE Helion OpenStack 8:perl-solv-0.6.36-2.27.19.8
HPE Helion OpenStack 8:python-solv-0.6.36-2.27.19.8

Description

There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.


Affected products
HPE Helion OpenStack 8:libsolv-tools-0.6.36-2.27.19.8
HPE Helion OpenStack 8:libzypp-16.20.2-27.60.4
HPE Helion OpenStack 8:perl-solv-0.6.36-2.27.19.8
HPE Helion OpenStack 8:python-solv-0.6.36-2.27.19.8

Description

There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application.


Affected products
HPE Helion OpenStack 8:libsolv-tools-0.6.36-2.27.19.8
HPE Helion OpenStack 8:libzypp-16.20.2-27.60.4
HPE Helion OpenStack 8:perl-solv-0.6.36-2.27.19.8
HPE Helion OpenStack 8:python-solv-0.6.36-2.27.19.8
