Описание
Security update for libzypp, zypper
This update for libzypp, zypper fixes the following issues:
- CVE-2017-9271: Fixed proxy credentials written to log files (bsc#1050625).
The following non-security bugs were fixed:
- clean: Do not report an error if no repos are defined at all (bsc#1223971)
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Container suse/sles12sp5:latest
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-Azure-BYOS
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-Azure-Basic-On-Demand
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-Azure-HPC-BYOS
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-Azure-HPC-On-Demand
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-Azure-SAP-BYOS
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-Azure-SAP-On-Demand
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-Azure-Standard-On-Demand
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-EC2-BYOS
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-EC2-ECS-On-Demand
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-EC2-On-Demand
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-EC2-SAP-BYOS
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-EC2-SAP-On-Demand
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-GCE-BYOS
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-GCE-On-Demand
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-GCE-SAP-BYOS
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-GCE-SAP-On-Demand
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libzypp-16.22.13-65.3
zypper-1.13.66-21.61.3
SUSE Linux Enterprise Server 12 SP5
libzypp-16.22.13-65.3
libzypp-devel-16.22.13-65.3
zypper-1.13.66-21.61.3
zypper-log-1.13.66-21.61.3
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libzypp-16.22.13-65.3
libzypp-devel-16.22.13-65.3
zypper-1.13.66-21.61.3
zypper-log-1.13.66-21.61.3
SUSE Linux Enterprise Software Development Kit 12 SP5
libzypp-devel-16.22.13-65.3
libzypp-devel-doc-16.22.13-65.3
Ссылки
- Link for SUSE-SU-2024:2080-1
- E-Mail link for SUSE-SU-2024:2080-1
- SUSE Security Ratings
- SUSE Bug 1050625
- SUSE Bug 1177583
- SUSE Bug 1223971
- SUSE CVE CVE-2017-9271 page
Описание
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libzypp-16.22.13-65.3
Container suse/ltss/sle12.5/sles12sp5:latest:zypper-1.13.66-21.61.3
Container suse/sles12sp5:latest:libzypp-16.22.13-65.3
Container suse/sles12sp5:latest:zypper-1.13.66-21.61.3
Ссылки
- CVE-2017-9271
- SUSE Bug 1050625