YOU update for libzypp
Announcement ID: SUSE-YU-2013:1408-2
Rating: important
References: #828672
Affected Products:
An update that fixes one vulnerability is now available.
Description:
libzypp did not handle multiple GPG public keys in the
repomd.xml.key and content.key files consistently and securely.
Attackers could have exploited this to add their own keys
and pretend they came from SUSE.
Security Issue reference:
* CVE-2013-3704
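As an added illustration (not part of the SUSE advisory and not libzypp code), the Python example below counts the primary public keys carried in a key file such as the repomd.xml.key and content.key files named above, so that a file holding more than one key can be reviewed. It assumes the file is ASCII-armored and walks the OpenPGP packet headers rather than counting armor markers, because a single armored block can hold several keys; the function names and the sample data are constructed for this example.

```python
import base64
import re

ARMOR = re.compile(r"-----BEGIN PGP PUBLIC KEY BLOCK-----\r?\n(.*?)"
                   r"-----END PGP PUBLIC KEY BLOCK-----", re.S)

def dearmor(text):
    """Yield the binary payload of every armored public key block in text."""
    for match in ARMOR.finditer(text):
        lines = [ln.strip() for ln in match.group(1).splitlines()]
        if "" in lines:  # armor headers end at the first blank line
            lines = lines[lines.index("") + 1:]
        body = "".join(ln for ln in lines if ln and ln[0] != "=")  # skip CRC24 line
        yield base64.b64decode(body)

def packet_tags(data):
    """Walk OpenPGP packet headers (RFC 4880, section 4.2); return each packet's tag."""
    tags, i = [], 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not handled")
        else:  # old-format header: the length field is 1, 2 or 4 bytes
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length is not handled")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        tags.append(tag)
        i += length
    return tags

def audit_key_file(text):
    """Return (armored_blocks, primary_keys); tag 6 is a primary key, 14 a subkey."""
    payloads = list(dearmor(text))
    return len(payloads), sum(packet_tags(p).count(6) for p in payloads)

# Constructed sample: bare packet headers with one-byte dummy bodies, no real keys.
# Block 1 = key, user ID, subkey; block 2 = two primary keys inside one armor.
_WRAP = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n%s\n-----END PGP PUBLIC KEY BLOCK-----\n"
SAMPLE = _WRAP % "mAEAtAEAuAEA" + _WRAP % "mAEAxgEA"
```

For the constructed sample, `audit_key_file(SAMPLE)` reports two armored blocks but three primary keys, which a count of BEGIN markers alone would miss.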
Special Instructions and Notes:
This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application.
Patch Instructions:
To install this SUSE YOU Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager Client Tools for SLE 11 SP1:
zypper in -t patch slesctsp1-libzypp-8360
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager Client Tools for SLE 11 SP1 (i586 ia64 ppc64 s390x x86_64):
- libzypp-6.39.0-0.3.1
- SLE CLIENT TOOLS 10 for x86_64 (x86_64):
- libzypp-6.39.0-0.5.1
- SLE CLIENT TOOLS 10 for s390x (s390x):
- libzypp-6.39.0-0.5.1
- SLE CLIENT TOOLS 10 for ia64 (ia64):
- libzypp-6.39.0-0.5.1
- SLE CLIENT TOOLS 10 for PPC (ppc):
- libzypp-6.39.0-0.5.1
- SLE CLIENT TOOLS 10 (i586):
- libzypp-6.39.0-0.5.1
References:
- http://support.novell.com/security/cve/CVE-2013-3704.html
- https://bugzilla.novell.com/828672
- http://download.suse.com/patch/finder/?keywords=1580d4919b3e80f746b6ed3158079edf
- http://download.suse.com/patch/finder/?keywords=69da9fdb4651190f06fc1b3973aaf523