SuSE Local Security Checks : openSUSE: Security Advisory for libzypp (openSUSE-SU-2018:2881-1)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.851914

Kategorie: SuSE Local Security Checks

Titel: openSUSE: Security Advisory for libzypp (openSUSE-SU-2018:2881-1)

Zusammenfassung: The remote host is missing an update for the 'libzypp'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libzypp'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for libzypp, zypper fixes the following issues:

Update libzypp to version 16.17.20:

Security issues fixed:

- PackageProvider: Validate delta rpms before caching (bsc#1091624,
bsc#1088705, CVE-2018-7685)

- PackageProvider: Validate downloaded rpm package signatures before
caching (bsc#1091624, bsc#1088705, CVE-2018-7685)

Other bugs fixed:

- lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304)

- Handle http error 502 Bad Gateway in curl backend (bsc#1070851)

- RepoManager: Explicitly request repo2solv to generate application pseudo
packages.

- libzypp-devel should not require cmake (bsc#1101349)

- HardLocksFile: Prevent against empty commit without Target having been
been loaded (bsc#1096803)

- Avoid zombie tar processes (bsc#1076192)

Update to zypper to version 1.13.45:

Other bugs fixed:

- XML install-summary attribute `packages-to-change` added (bsc#1102429)

- man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf
(bsc#1100028)

- Prevent nested calls to exit() if aborted by a signal (bsc#1092413)

- ansi.h: Prevent ESC sequence strings from going out of scope
(bsc#1092413)

- Fix: zypper bash completion expands non-existing options (bsc#1049825)

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1054=1

Affected Software/OS:
libzypp, on openSUSE Leap 42.3

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-7685
http://lists.suse.com/pipermail/sle-security-updates/2018-August/004510.html
https://www.suse.com/de-de/security/cve/CVE-2018-7685/

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.851914
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for libzypp (openSUSE-SU-2018:2881-1)
Zusammenfassung:	The remote host is missing an update for the 'libzypp'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libzypp' package(s) announced via the referenced advisory. Vulnerability Insight: This update for libzypp, zypper fixes the following issues: Update libzypp to version 16.17.20: Security issues fixed: - PackageProvider: Validate delta rpms before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) - PackageProvider: Validate downloaded rpm package signatures before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) Other bugs fixed: - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304) - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake (bsc#1101349) - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - Avoid zombie tar processes (bsc#1076192) Update to zypper to version 1.13.45: Other bugs fixed: - XML install-summary attribute `packages-to-change` added (bsc#1102429) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - Prevent nested calls to exit() if aborted by a signal (bsc#1092413) - ansi.h: Prevent ESC sequence strings from going out of scope (bsc#1092413) - Fix: zypper bash completion expands non-existing options (bsc#1049825) This update was imported from the SUSE:SLE-12-SP3:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-1054=1 Affected Software/OS: libzypp, on openSUSE Leap 42.3 Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-7685 http://lists.suse.com/pipermail/sle-security-updates/2018-August/004510.html https://www.suse.com/de-de/security/cve/CVE-2018-7685/
Copyright	Copyright (C) 2018 Greenbone Networks GmbH