{"affected":[{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.6-3.7.2","libsolv-tools":"0.7.6-3.7.2","libyui-ncurses-pkg-devel":"2.48.9-7.3.5","libyui-ncurses-pkg-doc":"2.48.9-7.3.3","libyui-ncurses-pkg9":"2.48.9-7.3.5","libyui-qt-pkg-doc":"2.45.27-3.3.3","libyui-qt-pkg9":"2.45.27-3.3.5","libzypp":"17.15.0-3.9.1","libzypp-devel":"17.15.0-3.9.1","python3-solv":"0.7.6-3.7.2","yast2-pkg-bindings":"4.1.2-3.3.5","zypper":"1.14.30-3.7.2","zypper-log":"1.14.30-3.7.2","zypper-needs-restarting":"1.14.30-3.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"libsolv","purl":"pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.6-3.7.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.6-3.7.2","libsolv-tools":"0.7.6-3.7.2","libyui-ncurses-pkg-devel":"2.48.9-7.3.5","libyui-ncurses-pkg-doc":"2.48.9-7.3.3","libyui-ncurses-pkg9":"2.48.9-7.3.5","libyui-qt-pkg-doc":"2.45.27-3.3.3","libyui-qt-pkg9":"2.45.27-3.3.5","libzypp":"17.15.0-3.9.1","libzypp-devel":"17.15.0-3.9.1","python3-solv":"0.7.6-3.7.2","yast2-pkg-bindings":"4.1.2-3.3.5","zypper":"1.14.30-3.7.2","zypper-log":"1.14.30-3.7.2","zypper-needs-restarting":"1.14.30-3.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"libyui-ncurses-pkg","purl":"pkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.48.9-7.3.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.6-3.7.2","libsolv-tools":"0.7.6-3.7.2","libyui-ncurses-pkg-devel":"2.48.9-7.3.5","libyui-ncurses-pkg-doc":"2.48.9-7.3.3","libyui-ncurses-pkg9":"2.48.9-7.3.5","libyui-qt-pkg-doc":"2.45.27-3.3.3","libyui-qt-pkg9":"2.45.27-3.3.5","libzypp":"17.15.0-3.9.1","libzypp-devel":"17.15.0-3.9.1","python3-solv":"0.7.6-3.7.2","yast2-pkg-bindings":"4.1.2-3.3.5","zypper":"1.14.30-3.7.2","zypper-log":"1.14.30-3.7.2","zypper-needs-restarting":"1.14.30-3.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"libyui-ncurses-pkg-doc","purl":"pkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.48.9-7.3.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.6-3.7.2","libsolv-tools":"0.7.6-3.7.2","libyui-ncurses-pkg-devel":"2.48.9-7.3.5","libyui-ncurses-pkg-doc":"2.48.9-7.3.3","libyui-ncurses-pkg9":"2.48.9-7.3.5","libyui-qt-pkg-doc":"2.45.27-3.3.3","libyui-qt-pkg9":"2.45.27-3.3.5","libzypp":"17.15.0-3.9.1","libzypp-devel":"17.15.0-3.9.1","python3-solv":"0.7.6-3.7.2","yast2-pkg-bindings":"4.1.2-3.3.5","zypper":"1.14.30-3.7.2","zypper-log":"1.14.30-3.7.2","zypper-needs-restarting":"1.14.30-3.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"libyui-qt-pkg","purl":"pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.45.27-3.3.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.6-3.7.2","libsolv-tools":"0.7.6-3.7.2","libyui-ncurses-pkg-devel":"2.48.9-7.3.5","libyui-ncurses-pkg-doc":"2.48.9-7.3.3","libyui-ncurses-pkg9":"2.48.9-7.3.5","libyui-qt-pkg-doc":"2.45.27-3.3.3","libyui-qt-pkg9":"2.45.27-3.3.5","libzypp":"17.15.0-3.9.1","libzypp-devel":"17.15.0-3.9.1","python3-solv":"0.7.6-3.7.2","yast2-pkg-bindings":"4.1.2-3.3.5","zypper":"1.14.30-3.7.2","zypper-log":"1.14.30-3.7.2","zypper-needs-restarting":"1.14.30-3.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"libyui-qt-pkg-doc","purl":"pkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.45.27-3.3.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.6-3.7.2","libsolv-tools":"0.7.6-3.7.2","libyui-ncurses-pkg-devel":"2.48.9-7.3.5","libyui-ncurses-pkg-doc":"2.48.9-7.3.3","libyui-ncurses-pkg9":"2.48.9-7.3.5","libyui-qt-pkg-doc":"2.45.27-3.3.3","libyui-qt-pkg9":"2.45.27-3.3.5","libzypp":"17.15.0-3.9.1","libzypp-devel":"17.15.0-3.9.1","python3-solv":"0.7.6-3.7.2","yast2-pkg-bindings":"4.1.2-3.3.5","zypper":"1.14.30-3.7.2","zypper-log":"1.14.30-3.7.2","zypper-needs-restarting":"1.14.30-3.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"17.15.0-3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.6-3.7.2","libsolv-tools":"0.7.6-3.7.2","libyui-ncurses-pkg-devel":"2.48.9-7.3.5","libyui-ncurses-pkg-doc":"2.48.9-7.3.3","libyui-ncurses-pkg9":"2.48.9-7.3.5","libyui-qt-pkg-doc":"2.45.27-3.3.3","libyui-qt-pkg9":"2.45.27-3.3.5","libzypp":"17.15.0-3.9.1","libzypp-devel":"17.15.0-3.9.1","python3-solv":"0.7.6-3.7.2","yast2-pkg-bindings":"4.1.2-3.3.5","zypper":"1.14.30-3.7.2","zypper-log":"1.14.30-3.7.2","zypper-needs-restarting":"1.14.30-3.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"yast2-pkg-bindings","purl":"pkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.1.2-3.3.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.6-3.7.2","libsolv-tools":"0.7.6-3.7.2","libyui-ncurses-pkg-devel":"2.48.9-7.3.5","libyui-ncurses-pkg-doc":"2.48.9-7.3.3","libyui-ncurses-pkg9":"2.48.9-7.3.5","libyui-qt-pkg-doc":"2.45.27-3.3.3","libyui-qt-pkg9":"2.45.27-3.3.5","libzypp":"17.15.0-3.9.1","libzypp-devel":"17.15.0-3.9.1","python3-solv":"0.7.6-3.7.2","yast2-pkg-bindings":"4.1.2-3.3.5","zypper":"1.14.30-3.7.2","zypper-log":"1.14.30-3.7.2","zypper-needs-restarting":"1.14.30-3.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"zypper","purl":"pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.14.30-3.7.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"PackageKit":"1.1.10-12.3.5","PackageKit-backend-zypp":"1.1.10-12.3.5","PackageKit-devel":"1.1.10-12.3.5","PackageKit-lang":"1.1.10-12.3.5","libpackagekit-glib2-18":"1.1.10-12.3.5","libpackagekit-glib2-devel":"1.1.10-12.3.5","libyui-qt-pkg-devel":"2.45.27-3.3.5","typelib-1_0-PackageKitGlib-1_0":"1.1.10-12.3.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP1","name":"PackageKit","purl":"pkg:rpm/suse/PackageKit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.10-12.3.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"PackageKit":"1.1.10-12.3.5","PackageKit-backend-zypp":"1.1.10-12.3.5","PackageKit-devel":"1.1.10-12.3.5","PackageKit-lang":"1.1.10-12.3.5","libpackagekit-glib2-18":"1.1.10-12.3.5","libpackagekit-glib2-devel":"1.1.10-12.3.5","libyui-qt-pkg-devel":"2.45.27-3.3.5","typelib-1_0-PackageKitGlib-1_0":"1.1.10-12.3.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP1","name":"libyui-qt-pkg","purl":"pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.45.27-3.3.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"perl-solv":"0.7.6-3.7.2","ruby-solv":"0.7.6-3.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP1","name":"libsolv","purl":"pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.6-3.7.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python-solv":"0.7.6-3.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP1","name":"libsolv","purl":"pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.6-3.7.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"PackageKit-gstreamer-plugin":"1.1.10-12.3.5","PackageKit-gtk3-module":"1.1.10-12.3.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP1","name":"PackageKit","purl":"pkg:rpm/suse/PackageKit&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.10-12.3.5"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libzypp, zypper, libsolv and PackageKit fixes the following issues:\n\nSecurity issues fixed in libsolv:\n\n- CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629).\n- CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630).\n- CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631).\n\nOther issues addressed in libsolv:\n\n- Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749).\n- Fixed an issue with the package name (bsc#1131823).\n- repo_add_rpmdb: do not copy bad solvables from the old solv file\n- Fixed an issue with  cleandeps updates in which all packages were not updated\n- Experimental DISTTYPE_CONDA and REL_CONDA support\n- Fixed cleandeps jobs when using patterns (bsc#1137977)\n- Fixed favorq leaking between solver runs if the solver is reused\n- Fixed SOLVER_FLAG_FOCUS_BEST updateing packages without reason\n- Be more correct with multiversion packages that obsolete their own name (bnc#1127155)\n- Fix repository priority handling for multiversion packages\n- Make code compatible with swig 4.0, remove obj0 instances\n- repo2solv: support zchunk compressed data\n- Remove NO_BRP_STRIP_DEBUG=true as brp-15-strip-debug will\n  not strip debug info for archives\n\nIssues fixed in libzypp:\n\n- Fix empty metalink downloads if filesize is unknown (bsc#1153557)\n- Recognize riscv64 as architecture\n- Fix installation of new header file (fixes #185)\n- zypp.conf: Introduce `solver.focus` to define the resolvers general\n  attitude when resolving jobs. (bsc#1146415)\n- New container detection algorithm for zypper ps (bsc#1146947)\n- Fix leaking filedescriptors in MediaCurl. (bsc#1116995)\n- Run file conflict check on dry-run. (bsc#1140039)\n- Do not remove orphan products if the .prod file is owned by\n  a package. (bsc#1139795)\n- Rephrase file conflict check summary. (bsc#1140039)\n- Fix bash completions option detection. (bsc#1049825)\n- Fixes a bug where zypper exited on SIGPIPE when downloading packages (bsc#1145521)\n- Fixes an issue where zypper exited with a segmentation fault when updating via YaST2 (bsc#1146027)\n- PublicKey::algoName: supply key algorithm and length\n\nIssues fixed in zypper:\n\n- Update to version 1.14.30\n- Ignore SIGPIPE while STDOUT/STDERR are OK (bsc#1145521)\n- Dump stacktrace on SIGPIPE (bsc#1145521)\n- info: The requested info must be shown in QUIET mode (fixes #287)\n- Fix local/remote url classification.\n- Rephrase file conflict check summary (bsc#1140039)\n- Fix bash completions option detection (bsc#1049825)\n- man: split '--with[out]' like options to ease searching.\n- Unhided 'ps' command in help\n- Added option to show more conflict information\n- Rephrased `zypper ps` hint (bsc#859480)\n- Fixed repo refresh not returning 106-ZYPPER_EXIT_INF_REPOS_SKIPPED\n  if --root is used (bsc#1134226)\n- Fixed unknown package handling in zypper install (bsc#1127608)\n- Re-show progress bar after pressing retry upon install error (bsc#1131113)\n\n\nIssues fixed in PackageKit:\n\n- Port the cron configuration variables to the systemd timer script, and add -sendwait\n  parameter to mail in the script(bsc#1130306).\n\n","id":"SUSE-RU-2019:2742-1","modified":"2019-10-22T13:40:42Z","published":"2019-10-22T13:40:42Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/-2019-2742/suse-ru-20192742-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1049825"},{"type":"REPORT","url":"https://bugzilla.suse.com/1116995"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120629"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120630"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120631"},{"type":"REPORT","url":"https://bugzilla.suse.com/1127155"},{"type":"REPORT","url":"https://bugzilla.suse.com/1127608"},{"type":"REPORT","url":"https://bugzilla.suse.com/1130306"},{"type":"REPORT","url":"https://bugzilla.suse.com/1131113"},{"type":"REPORT","url":"https://bugzilla.suse.com/1131823"},{"type":"REPORT","url":"https://bugzilla.suse.com/1134226"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135749"},{"type":"REPORT","url":"https://bugzilla.suse.com/1137977"},{"type":"REPORT","url":"https://bugzilla.suse.com/1139795"},{"type":"REPORT","url":"https://bugzilla.suse.com/1140039"},{"type":"REPORT","url":"https://bugzilla.suse.com/1145521"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146027"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146415"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146947"},{"type":"REPORT","url":"https://bugzilla.suse.com/1153557"},{"type":"REPORT","url":"https://bugzilla.suse.com/859480"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20532"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20533"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20534"}],"related":["CVE-2018-20532","CVE-2018-20533","CVE-2018-20534"],"summary":"Recommended update for libzypp, zypper, libsolv and PackageKit","upstream":["CVE-2018-20532","CVE-2018-20533","CVE-2018-20534"]}