Security update for libzypp, zypper
| Announcement ID: | SUSE-SU-2018:2690-1 |
|---|---|
| Rating: | important |
An update that solves two vulnerabilities and has 26 security fixes can now be installed.
Description:
This update for libzypp, zypper, libsolv provides the following fixes:
Security fixes in libzypp:
- CVE-2018-7685: PackageProvider: Validate RPMs before caching (bsc#1091624, bsc#1088705)
- CVE-2017-9269: Be sure bad packages do not stay in the cache (bsc#1045735)
Changes in libzypp:
- Update to version 17.6.4
- Automatically fetch repository signing key from gpgkey url (bsc#1088037)
- lsof: use '-K i' if lsof supports it (bsc#1099847,bsc#1036304)
- Check for not imported keys after multi key import from rpmdb (bsc#1096217)
- Flags: make it std=c++14 ready
- Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617)
- Show GPGME version in log
- Adapt to changes in libgpgme11-11.1.0 breaking the signature verification (bsc#1100427)
- RepoInfo::provideKey: add report telling where we look for missing keys.
- Support listing gpgkey URLs in repo files (bsc#1088037)
- Add new report to request user approval for importing a package key
- Handle http error 502 Bad Gateway in curl backend (bsc#1070851)
- Add filesize check for downloads with known size (bsc#408814)
- Removed superfluous space in translation (bsc#1102019)
- Prevent the system from sleeping during a commit
- RepoManager: Explicitly request repo2solv to generate application pseudo packages.
- libzypp-devel should not require cmake (bsc#1101349)
- Avoid zombies from ExternalProgram
- Update ApiConfig
- HardLocksFile: Prevent against empty commit without Target having been loaded (bsc#1096803)
- lsof: use '-K i' if lsof supports it (bsc#1099847)
- Fix detection of metalink downloads and prevent aborting if a metalink file is larger than the expected data file.
- Require libsolv-devel >= 0.6.35 during build (fixing bsc#1100095)
- Make use of %license macro (bsc#1082318)
Security fix in zypper:
- CVE-2017-9269: Improve signature check callback messages (bsc#1045735)
Changes in zypper:
- Always set error status if any nr of unknown repositories are passed to lr and ref (bsc#1093103)
- Notify user about unsupported rpm V3 keys in an old rpm database (bsc#1096217)
- Detect read only filesystem on system modifying operations (fixes #199)
- Use %license (bsc#1082318)
- Handle repo aliases containing multiple ':' in the PackageArgs parser (bsc#1041178)
- Fix broken display of detailed query results.
- Fix broken search for items with a dash. (bsc#907538, bsc#1043166, bsc#1070770)
- Disable repository operations when searching installed packages. (bsc#1084525)
- Prevent nested calls to exit() if aborted by a signal. (bsc#1092413)
- ansi.h: Prevent ESC sequence strings from going out of scope. (bsc#1092413)
- Fix some translation errors.
- Support listing gpgkey URLs in repo files (bsc#1088037)
- Check for root privileges in zypper verify and si (bsc#1058515)
- XML <install-summary> attribute packages-to-change added (bsc#1102429)
- Add expert (allow-*) options to all installer commands (bsc#428822)
- Sort search results by multiple columns (bsc#1066215)
- man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028)
- Set error status if repositories passed to lr and ref are not known (bsc#1093103)
- Do not override table style in search
- Fix out of bound read in MbsIterator
- Add --supplements switch to search and info
- Add setter functions for zypp cache related config values to ZConfig
Changes in libsolv:
- convert repo2solv.sh script into a binary tool
- Make use of %license macro (bsc#1082318)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP Applications 12 SP2
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2692=1 SUSE-SLE-SAP-12-SP2-2018-2693=1 SUSE-SLE-SAP-12-SP2-2018-2697=1 SUSE-SLE-SAP-12-SP2-2018-2690=1 SUSE-SLE-SAP-12-SP2-2018-2691=1
- SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-ESPOS-2018-2691=1 SUSE-SLE-SERVER-12-SP2-ESPOS-2018-2692=1 SUSE-SLE-SERVER-12-SP2-ESPOS-2018-2693=1 SUSE-SLE-SERVER-12-SP2-ESPOS-2018-2697=1 SUSE-SLE-SERVER-12-SP2-ESPOS-2018-2690=1
- SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2691=1 SUSE-SLE-SERVER-12-SP2-2018-2692=1 SUSE-SLE-SERVER-12-SP2-2018-2693=1 SUSE-SLE-SERVER-12-SP2-2018-2697=1 SUSE-SLE-SERVER-12-SP2-2018-2690=1
- SUSE Linux Enterprise Live Patching 12-SP3
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-2750=1 SUSE-SLE-Live-Patching-12-SP3-2018-2751=1 SUSE-SLE-Live-Patching-12-SP3-2018-2752=1 SUSE-SLE-Live-Patching-12-SP3-2018-2753=1 SUSE-SLE-Live-Patching-12-SP3-2018-2754=1 SUSE-SLE-Live-Patching-12-SP3-2018-2755=1 SUSE-SLE-Live-Patching-12-SP3-2018-2756=1 SUSE-SLE-Live-Patching-12-SP3-2018-2757=1
- SUSE Linux Enterprise Live Patching 15
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-2767=1 SUSE-SLE-Module-Live-Patching-15-2018-2770=1
Package List:
- SUSE Linux Enterprise Server for SAP Applications 12 SP2 (x86_64)
  - kgraft-patch-4_4_121-92_85-default-5-2.1
  - kgraft-patch-4_4_120-92_70-default-8-2.1
  - kgraft-patch-4_4_121-92_80-default-7-2.1
  - kgraft-patch-4_4_114-92_67-default-9-2.1
  - kgraft-patch-4_4_121-92_73-default-7-2.1
- SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2 (x86_64)
  - kgraft-patch-4_4_121-92_85-default-5-2.1
  - kgraft-patch-4_4_120-92_70-default-8-2.1
  - kgraft-patch-4_4_121-92_80-default-7-2.1
  - kgraft-patch-4_4_114-92_67-default-9-2.1
  - kgraft-patch-4_4_121-92_73-default-7-2.1
- SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (x86_64)
  - kgraft-patch-4_4_121-92_85-default-5-2.1
  - kgraft-patch-4_4_120-92_70-default-8-2.1
  - kgraft-patch-4_4_121-92_80-default-7-2.1
  - kgraft-patch-4_4_114-92_67-default-9-2.1
  - kgraft-patch-4_4_121-92_73-default-7-2.1
- SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64)
  - kgraft-patch-4_4_138-94_39-default-5-2.1
  - kgraft-patch-4_4_132-94_33-default-debuginfo-6-2.1
  - kgraft-patch-4_4_131-94_29-default-debuginfo-6-2.1
  - kgraft-patch-4_4_126-94_22-default-8-2.1
  - kgraft-patch-4_4_120-94_17-default-8-2.1
  - kgraft-patch-4_4_140-94_42-default-debuginfo-5-2.1
  - kgraft-patch-4_4_140-94_42-default-5-2.1
  - kgraft-patch-4_4_132-94_33-default-6-2.1
  - kgraft-patch-4_4_126-94_22-default-debuginfo-8-2.1
  - kgraft-patch-4_4_120-94_17-default-debuginfo-8-2.1
  - kgraft-patch-4_4_114-94_14-default-9-2.1
  - kgraft-patch-4_4_114-94_11-default-9-2.1
  - kgraft-patch-4_4_114-94_11-default-debuginfo-9-2.1
  - kgraft-patch-4_4_138-94_39-default-debuginfo-5-2.1
  - kgraft-patch-4_4_131-94_29-default-6-2.1
  - kgraft-patch-4_4_114-94_14-default-debuginfo-9-2.1
- SUSE Linux Enterprise Live Patching 15 (ppc64le x86_64)
  - kernel-livepatch-4_12_14-25_3-default-debuginfo-6-2.1
  - kernel-livepatch-4_12_14-25_3-default-6-2.1
  - kernel-livepatch-4_12_14-25_6-default-debuginfo-6-2.1
  - kernel-livepatch-4_12_14-25_6-default-6-2.1
References:
- https://www.suse.com/security/cve/CVE-2017-9269.html
- https://www.suse.com/security/cve/CVE-2018-7685.html
- https://bugzilla.suse.com/show_bug.cgi?id=1036304
- https://bugzilla.suse.com/show_bug.cgi?id=1041178
- https://bugzilla.suse.com/show_bug.cgi?id=1043166
- https://bugzilla.suse.com/show_bug.cgi?id=1045735
- https://bugzilla.suse.com/show_bug.cgi?id=1058515
- https://bugzilla.suse.com/show_bug.cgi?id=1066215
- https://bugzilla.suse.com/show_bug.cgi?id=1070770
- https://bugzilla.suse.com/show_bug.cgi?id=1070851
- https://bugzilla.suse.com/show_bug.cgi?id=1082318
- https://bugzilla.suse.com/show_bug.cgi?id=1084525
- https://bugzilla.suse.com/show_bug.cgi?id=1088037
- https://bugzilla.suse.com/show_bug.cgi?id=1088705
- https://bugzilla.suse.com/show_bug.cgi?id=1091624
- https://bugzilla.suse.com/show_bug.cgi?id=1092413
- https://bugzilla.suse.com/show_bug.cgi?id=1093103
- https://bugzilla.suse.com/show_bug.cgi?id=1096217
- https://bugzilla.suse.com/show_bug.cgi?id=1096617
- https://bugzilla.suse.com/show_bug.cgi?id=1096803
- https://bugzilla.suse.com/show_bug.cgi?id=1099847
- https://bugzilla.suse.com/show_bug.cgi?id=1100028
- https://bugzilla.suse.com/show_bug.cgi?id=1100095
- https://bugzilla.suse.com/show_bug.cgi?id=1100427
- https://bugzilla.suse.com/show_bug.cgi?id=1101349
- https://bugzilla.suse.com/show_bug.cgi?id=1102019
- https://bugzilla.suse.com/show_bug.cgi?id=1102429
- https://bugzilla.suse.com/show_bug.cgi?id=408814
- https://bugzilla.suse.com/show_bug.cgi?id=428822
- https://bugzilla.suse.com/show_bug.cgi?id=907538