exploitDog

SUSE-SU-2021:2180-1

Published: 28 Jun 2021
Source: suse-cvrf

Description

Security update for libsolv

This update for libsolv fixes the following issues:

Security issues fixed:

  • CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510)
  • CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229)

Other issues fixed:

  • backport support for blacklisted packages to support ptf packages and retracted patches
  • fix ruleinfo of complex dependencies returning the wrong origin
  • fix SOLVER_FLAG_FOCUS_BEST updating packages without reason
  • fix add_complex_recommends() selecting conflicted packages in rare cases
  • fix potential segfault in resolve_jobrules
  • fix solv_zchunk decoding error if large chunks are used

Package list

Container suse/ltss/sle12.5/sles12sp5:latest
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
Container suse/sles12sp3:latest
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
Container suse/sles12sp4:latest
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
Container suse/sles12sp5:latest
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
HPE Helion OpenStack 8
libsolv-devel-0.6.37-2.33.1
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
libzypp-devel-16.21.4-2.51.1
perl-solv-0.6.37-2.33.1
python-solv-0.6.37-2.33.1
Image SLES12-SP4-Azure-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP4-EC2-HVM-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP4-GCE-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP4-SAP-Azure
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP4-SAP-Azure-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP4-SAP-EC2-HVM
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP4-SAP-GCE
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP4-SAP-GCE-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-Azure-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-Azure-Basic-On-Demand
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-Azure-HPC-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-Azure-HPC-On-Demand
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-Azure-SAP-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-Azure-SAP-On-Demand
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-Azure-Standard-On-Demand
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-EC2-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-EC2-ECS-On-Demand
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-EC2-On-Demand
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-EC2-SAP-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-EC2-SAP-On-Demand
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-GCE-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-GCE-On-Demand
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-GCE-SAP-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-GCE-SAP-On-Demand
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-OCI-BYOS-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
python-solv-0.6.37-2.33.1
SUSE Linux Enterprise Server 12 SP3-BCL
libsolv-devel-0.6.37-2.33.1
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
libzypp-devel-16.21.4-2.51.1
perl-solv-0.6.37-2.33.1
python-solv-0.6.37-2.33.1
SUSE Linux Enterprise Server 12 SP3-LTSS
libsolv-devel-0.6.37-2.33.1
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
libzypp-devel-16.21.4-2.51.1
perl-solv-0.6.37-2.33.1
python-solv-0.6.37-2.33.1
SUSE Linux Enterprise Server 12 SP4-LTSS
libsolv-devel-0.6.37-2.33.1
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
libzypp-devel-16.21.4-2.51.1
perl-solv-0.6.37-2.33.1
python-solv-0.6.37-2.33.1
SUSE Linux Enterprise Server 12 SP5
libsolv-devel-0.6.37-2.33.1
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
libzypp-devel-16.21.4-2.51.1
perl-solv-0.6.37-2.33.1
python-solv-0.6.37-2.33.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libsolv-devel-0.6.37-2.33.1
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
libzypp-devel-16.21.4-2.51.1
perl-solv-0.6.37-2.33.1
python-solv-0.6.37-2.33.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libsolv-devel-0.6.37-2.33.1
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
libzypp-devel-16.21.4-2.51.1
perl-solv-0.6.37-2.33.1
python-solv-0.6.37-2.33.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libsolv-devel-0.6.37-2.33.1
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
libzypp-devel-16.21.4-2.51.1
perl-solv-0.6.37-2.33.1
python-solv-0.6.37-2.33.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libsolv-devel-0.6.37-2.33.1
libzypp-devel-16.21.4-2.51.1
libzypp-devel-doc-16.21.4-2.51.1
perl-solv-0.6.37-2.33.1
SUSE OpenStack Cloud 8
libsolv-devel-0.6.37-2.33.1
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
libzypp-devel-16.21.4-2.51.1
perl-solv-0.6.37-2.33.1
python-solv-0.6.37-2.33.1
SUSE OpenStack Cloud 9
libsolv-devel-0.6.37-2.33.1
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
libzypp-devel-16.21.4-2.51.1
perl-solv-0.6.37-2.33.1
python-solv-0.6.37-2.33.1
SUSE OpenStack Cloud Crowbar 8
libsolv-devel-0.6.37-2.33.1
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
libzypp-devel-16.21.4-2.51.1
perl-solv-0.6.37-2.33.1
python-solv-0.6.37-2.33.1
SUSE OpenStack Cloud Crowbar 9
libsolv-devel-0.6.37-2.33.1
libsolv-tools-0.6.37-2.33.1
libzypp-16.21.4-2.51.1
libzypp-devel-16.21.4-2.51.1
perl-solv-0.6.37-2.33.1
python-solv-0.6.37-2.33.1

Description

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libsolv-tools-0.6.37-2.33.1
Container suse/ltss/sle12.5/sles12sp5:latest:libzypp-16.21.4-2.51.1
Container suse/sles12sp3:latest:libsolv-tools-0.6.37-2.33.1
Container suse/sles12sp3:latest:libzypp-16.21.4-2.51.1

References

Description

Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp) function at src/testcase.c: line 2334, which could cause a denial of service.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libsolv-tools-0.6.37-2.33.1
Container suse/ltss/sle12.5/sles12sp5:latest:libzypp-16.21.4-2.51.1
Container suse/sles12sp3:latest:libsolv-tools-0.6.37-2.33.1
Container suse/sles12sp3:latest:libzypp-16.21.4-2.51.1

References
Vulnerability SUSE-SU-2021:2180-1