Security update for libsolv, libzypp, zypper

Announcement ID: SUSE-SU-2022:1157-2
Rating: important
References:
Affected Products:
  • SUSE Linux Enterprise Micro 5.2
  • SUSE Linux Enterprise Micro for Rancher 5.2

An update that has nine security fixes can now be installed.

Description:

This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

  • Harden package signature checks (bsc#1184501).

libsolv update to 0.7.22:

  • reworked choice rule generation to cover more usecases
  • support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
  • support parsing of Debian's Multi-Arch indicator
  • fix segfault on conflict resolution when using bindings
  • fix split provides not working if the update includes a forbidden vendor change
  • support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
  • support zstd compressed control files in debian packages
  • add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20)
  • support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata
  • support queying of the custom vendor check function new function: pool_get_custom_vendorcheck
  • support solv files with an idarray block
  • allow accessing the toolversion at runtime

libzypp update to 17.30.0:

  • ZConfig: Update solver settings if target changes (bsc#1196368)
  • Fix possible hang in singletrans mode (bsc#1197134)
  • Do 2 retries if mount is still busy.
  • Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing.
  • Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry.
  • Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
  • Fix handling of ISO media in releaseAll (bsc#1196061)
  • Hint on common ptf resolver conflicts (bsc#1194848)
  • Hint on ptf<>patch resolver conflicts (bsc#1194848)

zypper update to 1.14.52:

  • info: print the packages upstream URL if available (fixes #426)
  • info: Fix SEGV with not installed PTFs (bsc#1196317)
  • Don't prevent less restrictive umasks (bsc#1195999)

Special Instructions and Notes:

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1157=1
  • SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1157=1

Package List:

  • SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
    • zypper-1.14.52-150200.30.2
    • zypper-debugsource-1.14.52-150200.30.2
    • libsolv-tools-debuginfo-0.7.22-150200.12.1
    • libsolv-debugsource-0.7.22-150200.12.1
    • libzypp-debugsource-17.30.0-150200.36.1
    • libsolv-debuginfo-0.7.22-150200.12.1
    • libzypp-debuginfo-17.30.0-150200.36.1
    • libzypp-17.30.0-150200.36.1
    • libsolv-tools-0.7.22-150200.12.1
    • zypper-debuginfo-1.14.52-150200.30.2
  • SUSE Linux Enterprise Micro 5.2 (noarch)
    • zypper-needs-restarting-1.14.52-150200.30.2
  • SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
    • zypper-1.14.52-150200.30.2
    • zypper-debugsource-1.14.52-150200.30.2
    • libsolv-tools-debuginfo-0.7.22-150200.12.1
    • libsolv-debugsource-0.7.22-150200.12.1
    • libzypp-debugsource-17.30.0-150200.36.1
    • libsolv-debuginfo-0.7.22-150200.12.1
    • libzypp-debuginfo-17.30.0-150200.36.1
    • libzypp-17.30.0-150200.36.1
    • libsolv-tools-0.7.22-150200.12.1
    • zypper-debuginfo-1.14.52-150200.30.2
  • SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
    • zypper-needs-restarting-1.14.52-150200.30.2

References: