Description
Security update for libzypp, zypper
This update for libzypp, zypper fixes the following issues:
libzypp fixes the following security issue:
- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).
zypper was updated to fix the following issues:
- Fixed an issue where zypper crashed when the system language was set to Spanish and the user tried to patch their system with 'zypper patch --category security' (bsc#1178038)
- Fixed a typo in man page (bsc#1169947)
Package list
SUSE Linux Enterprise Server 12 SP2-BCL
libzypp-16.21.2-27.70.1
libzypp-devel-16.21.2-27.70.1
zypper-1.13.57-18.46.3
zypper-log-1.13.57-18.46.3
SUSE Linux Enterprise Server 12 SP2-LTSS
libzypp-16.21.2-27.70.1
libzypp-devel-16.21.2-27.70.1
zypper-1.13.57-18.46.3
zypper-log-1.13.57-18.46.3
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libzypp-16.21.2-27.70.1
libzypp-devel-16.21.2-27.70.1
zypper-1.13.57-18.46.3
zypper-log-1.13.57-18.46.3
SUSE OpenStack Cloud 7
libzypp-16.21.2-27.70.1
libzypp-devel-16.21.2-27.70.1
zypper-1.13.57-18.46.3
zypper-log-1.13.57-18.46.3
References
- Link for SUSE-SU-2020:3367-1
- E-Mail link for SUSE-SU-2020:3367-1
- SUSE Security Ratings
- SUSE Bug 1158763
- SUSE Bug 1169947
- SUSE Bug 1178038
- SUSE CVE CVE-2019-18900 page
Description
Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1.
Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:libzypp-16.21.2-27.70.1
SUSE Linux Enterprise Server 12 SP2-BCL:libzypp-devel-16.21.2-27.70.1
SUSE Linux Enterprise Server 12 SP2-BCL:zypper-1.13.57-18.46.3
SUSE Linux Enterprise Server 12 SP2-BCL:zypper-log-1.13.57-18.46.3
References
- CVE-2019-18900
- SUSE Bug 1158763