openSUSE-SU-2021:0059-1

Опубликовано: 14 янв. 2021

Источник: suse-cvrf

Описание

Security update for libzypp, zypper

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
RepoManager: Force refresh if repo url has changed (bsc#1174016)
RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910)
Fixed update of gpg keys with elongated expire date (bsc#179222)
needreboot: remove udev from the list (bsc#1179083)
Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

libzypp-17.25.5-lp152.2.16.1

libzypp-devel-17.25.5-lp152.2.16.1

libzypp-devel-doc-17.25.5-lp152.2.16.1

yast2-installation-4.2.48-lp152.2.12.1

zypper-1.14.41-lp152.2.12.1

zypper-aptitude-1.14.41-lp152.2.12.1

zypper-log-1.14.41-lp152.2.12.1

zypper-needs-restarting-1.14.41-lp152.2.12.1

The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.

openSUSE Leap 15.2:libzypp-17.25.5-lp152.2.16.1

openSUSE Leap 15.2:libzypp-devel-17.25.5-lp152.2.16.1

openSUSE Leap 15.2:libzypp-devel-doc-17.25.5-lp152.2.16.1

openSUSE Leap 15.2:yast2-installation-4.2.48-lp152.2.12.1