Recommended update for Package Management Stack

Announcement ID:	SUSE-RU-2015:1175-1
Rating:	moderate
References:	bsc#725867 bsc#820693 bsc#828631 bsc#832519 bsc#848054 bsc#892431 bsc#893294 bsc#896224 bsc#897301 bsc#899510 bsc#899603 bsc#899781 bsc#899907 bsc#901590 bsc#901691 bsc#903405 bsc#903675 bsc#904737 bsc#906549 bsc#908135 bsc#908345 bsc#908976 bsc#909143 bsc#909244 bsc#909772 bsc#911335 bsc#911658 bsc#914258 bsc#914284 bsc#915461 bsc#915928 bsc#916254 bsc#919709 bsc#921332 bsc#922352 bsc#923800 bsc#925678 bsc#925696 bsc#927319 bsc#929483 bsc#929528 bsc#929593 bsc#929990 bsc#931601 bsc#932393 bsc#933277
Cross-References:	CVE-2014-3566
CVSS scores:	CVE-2014-3566 ( NVD ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Software Bootstrap Kit 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Workstation Extension 12

An update that solves one vulnerability and has 45 fixes can now be installed.

Description:

This update provides fixes and enhancements for the Software Update Stack.

gnome-packagekit:

• Fix title of license agreement window. (bsc#927319)

libsolv:

• Rework splitprovides handling. (bnc#921332)
• Add product:regflavor attribute. (bnc#896224)
• Fix bug in reorder_dq_for_jobrules that could lead to crashes. (bnc#899907)
• Fix bug in dislike_old_versions that could lead to a segfault. (bnc#922352)
• Add manpages for the tools.

libzypp:

• Add configuration values for gpgcheck, repo_gpgcheck and pkg_gpgcheck to zypp.conf. (FATE#314603)
• Support $releasever_major/$releasever_minor repo variables. (FATE#318354)
• Support repo variable replacement in service url.
• Support repo variable replacement in gpg url.
• Add support for SHA224/384/512.
• Don't execute scripts in /tmp or /var/tmp, as they could be mounted noexec for security reasons. (bnc#915928)
• Let $ZYPP_REPO_RELEASEVER overwrite $releasever in .repo files. (bnc#911658)
• Parse and offer productRegisterFlavor attribute. (bnc#896224)
• Improve conflict message for locked packages. (bnc#828631)
• Fix broken de-escaping in str::splitEscaped. (bnc#909772)
• Filter PIDs running in a container. (bnc#909143)
• Suppress informal license (no need to accept) upon update. (bnc#908976)
• Adapt to gpg-2.1. (bnc#908135)
• Call rpm with '--noglob'. (bnc#892431)
• Fix URL path concatenation in MediaCurl. (bnc#901590)
• Move doxygen html doc to libzypp-devel-doc. (bnc#901691)
• Support parsing multiple baseurls from a repo file. (bnc#899510)
• Suppress MediaChangeReport while testing multiple baseurls. (bnc#899510)
• Fix handling local mirrorlist= files in .repo. (bnc#899510)
• Prevent POODLE by talking TLS only. (bnc#903405)
• Fix segmentation fault when dumping rpm header with epoch. (bnc#929483)
• Handle repository aliases containing ']' correctly. (bnc#929528)
• Avoid nested exception on user abort. (bnc#931601)
• Fix SSL client certificate authentication via URL option ssl_clientcert/ssl_clientkey. (bnc#932393)

libzypp-bindings:

• Enforce Python 2.7 libzypp-bindings is not yet ready for Python 3.
• Adapt to libzypp changes.

zypper:

• Implement and document GPG signature checking. (FATE#314603)
• Enhance 'Digest verification failed' message and dialog. (FATE#315008)
• Refresh plugin services on 'lr' 'ls -r' and 'ref'. (bnc#893294, FATE#318117) Repositories provided by a plugin service (SUSE Manager) must always be (auto-)refreshed to reflect server side changes immediately.
• Allow repo:package to reinstall from a different repo. (bnc#725867)
• Suppress MediaChangeReport while testing multiple baseurls. (bnc#899510)
• A date limit must ignore newer patch candidates. (bnc#919709)
• Notify about volatile changes to service repos. (bnc#916254)
• Change column header from 'Login' to 'User'. (bnc#915461)
• Fix wrong exit status using the --xmlout option. (bnc#914258)
• Add new color/pkglistHighlightAttribute to zypper.conf. (bnc#914284)
• New global option --releasever: Set the value of the $releasever variable in all .repo files. This can be used to switch to new distribution repositories when performing a distribution upgrade. (bnc#911658)
• Clarify legacy warning. (bnc#911335)
• Show new product:registerflavor attribute in 'zypper info'. (bnc#896224)
• Enhance message text when skipping repos due to an error. (bnc#909244)
• Fix additional spaces in zypper output and new colorization code. (bnc#908345)
• Properly reset auto-retry counter. (bnc#906549)
• Improve patch description in man page. (bnc#904737)
• Warn about repositories with 'gpgcheck=0'. (bnc#848054)
• Summary: quote names including spaces. (bnc#903675)
• Warn if legacy CLI options are used. (bnc#899781)
• Fix prompt returning undefined default value after wrong input. (bnc#925696)
• Fix typo in man page. (bnc#923800)
• Only use ANSI color codes on terminals. (bnc#925678)
• Fix table sorting with option --sort-by-priority. (bnc#832519)
• Clarify 'zypper lp --date' description. (bnc#929593)
• Warn user that deleting a service repository is a volatile change. (bnc#929990)
• Adapt Enterprise product detection, fixing display of package's support status. (bnc#933277)
• Fix format of sizes in output. (bnc#897301)
• Clarify comment in zypper.conf. (bnc#820693)

Special Instructions and Notes:

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Bootstrap Kit 12
  zypper in -t patch SUSE-SLE-BSK-12-2015-294=1
• SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-294=1
• SUSE Linux Enterprise Software Development Kit 12
  zypper in -t patch SUSE-SLE-SDK-12-2015-294=1
• SUSE Linux Enterprise Server 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-294=1
• SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-294=1
• SUSE Linux Enterprise Workstation Extension 12
  zypper in -t patch SUSE-SLE-WE-12-2015-294=1

Package List:

• SUSE Linux Enterprise Software Bootstrap Kit 12 (noarch)
  • PackageKit-branding-upstream-0.8.16-11.15
• SUSE Linux Enterprise Desktop 12 (x86_64)
  • libpackagekit-glib2-16-debuginfo-0.8.16-11.15
  • yast2-pkg-bindings-debuginfo-3.1.20-3.3
  • libyui-qt-pkg-debugsource-2.44.7-3.2
  • PackageKit-debuginfo-0.8.16-11.15
  • gnome-packagekit-debugsource-3.10.1-8.13
  • gnome-packagekit-debuginfo-3.10.1-8.13
  • libzypp-debuginfo-14.39.0-10.1
  • libsolv-tools-debuginfo-0.6.11-8.1
  • libsolv-debugsource-0.6.11-8.1
  • libsolv-tools-0.6.11-8.1
  • python-solv-debuginfo-0.6.11-8.1
  • typelib-1_0-PackageKitGlib-1_0-0.8.16-11.15
  • libyui-ncurses-pkg6-2.46.1-3.4
  • libyui-ncurses-pkg-debugsource-2.46.1-3.4
  • zypper-debugsource-1.11.32-8.1
  • yast2-pkg-bindings-debugsource-3.1.20-3.3
  • PackageKit-backend-zypp-debuginfo-0.8.16-11.15
  • PackageKit-gstreamer-plugin-0.8.16-11.15
  • python-zypp-0.6.4-5.3
  • libyui-ncurses-pkg6-debuginfo-2.46.1-3.4
  • libyui-qt-pkg6-2.44.7-3.2
  • libyui-qt-pkg6-debuginfo-2.44.7-3.2
  • PackageKit-debugsource-0.8.16-11.15
  • libpackagekit-glib2-16-0.8.16-11.15
  • PackageKit-0.8.16-11.15
  • zypper-debuginfo-1.11.32-8.1
  • PackageKit-gstreamer-plugin-debuginfo-0.8.16-11.15
  • python-solv-0.6.11-8.1
  • libzypp-debugsource-14.39.0-10.1
  • zypper-1.11.32-8.1
  • libzypp-14.39.0-10.1
  • yast2-pkg-bindings-3.1.20-3.3
  • gnome-packagekit-3.10.1-8.13
  • PackageKit-backend-zypp-0.8.16-11.15
• SUSE Linux Enterprise Desktop 12 (noarch)
  • gnome-packagekit-lang-3.10.1-8.13
  • zypper-log-1.11.32-8.1
  • PackageKit-lang-0.8.16-11.15
• SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
  • libzypp-devel-14.39.0-10.1
  • libsolv-devel-debuginfo-0.6.11-8.1
  • libpackagekit-glib2-devel-0.8.16-11.15
  • libyui-qt-pkg-devel-2.44.7-3.2
  • typelib-1_0-PackageKitPlugin-1_0-0.8.16-11.15
  • libzypp-debugsource-14.39.0-10.1
  • libyui-qt-pkg-debugsource-2.44.7-3.2
  • PackageKit-debuginfo-0.8.16-11.15
  • libsolv-debugsource-0.6.11-8.1
  • PackageKit-devel-0.8.16-11.15
  • perl-zypp-0.6.4-5.3
  • libyui-ncurses-pkg-devel-2.46.1-3.4
  • PackageKit-debugsource-0.8.16-11.15
  • libyui-ncurses-pkg-debugsource-2.46.1-3.4
  • libzypp-debuginfo-14.39.0-10.1
  • PackageKit-devel-debuginfo-0.8.16-11.15
  • perl-solv-0.6.11-8.1
  • libsolv-devel-0.6.11-8.1
  • perl-solv-debuginfo-0.6.11-8.1
• SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
  • libpackagekit-glib2-16-debuginfo-0.8.16-11.15
  • yast2-pkg-bindings-debuginfo-3.1.20-3.3
  • libyui-qt-pkg-debugsource-2.44.7-3.2
  • PackageKit-debuginfo-0.8.16-11.15
  • gnome-packagekit-debugsource-3.10.1-8.13
  • gnome-packagekit-debuginfo-3.10.1-8.13
  • libzypp-debuginfo-14.39.0-10.1
  • libsolv-tools-debuginfo-0.6.11-8.1
  • libsolv-debugsource-0.6.11-8.1
  • libsolv-tools-0.6.11-8.1
  • python-solv-debuginfo-0.6.11-8.1
  • typelib-1_0-PackageKitGlib-1_0-0.8.16-11.15
  • libyui-ncurses-pkg6-2.46.1-3.4
  • libyui-ncurses-pkg-debugsource-2.46.1-3.4
  • zypper-debugsource-1.11.32-8.1
  • perl-solv-debuginfo-0.6.11-8.1
  • PackageKit-backend-zypp-debuginfo-0.8.16-11.15
  • yast2-pkg-bindings-debugsource-3.1.20-3.3
  • python-zypp-0.6.4-5.3
  • libyui-ncurses-pkg6-debuginfo-2.46.1-3.4
  • libyui-qt-pkg6-2.44.7-3.2
  • libyui-qt-pkg6-debuginfo-2.44.7-3.2
  • PackageKit-debugsource-0.8.16-11.15
  • perl-solv-0.6.11-8.1
  • libpackagekit-glib2-16-0.8.16-11.15
  • PackageKit-0.8.16-11.15
  • zypper-debuginfo-1.11.32-8.1
  • python-solv-0.6.11-8.1
  • libzypp-debugsource-14.39.0-10.1
  • zypper-1.11.32-8.1
  • libzypp-14.39.0-10.1
  • yast2-pkg-bindings-3.1.20-3.3
  • gnome-packagekit-3.10.1-8.13
  • PackageKit-backend-zypp-0.8.16-11.15
• SUSE Linux Enterprise Server 12 (noarch)
  • gnome-packagekit-lang-3.10.1-8.13
  • zypper-log-1.11.32-8.1
  • PackageKit-lang-0.8.16-11.15
• SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  • libpackagekit-glib2-16-debuginfo-0.8.16-11.15
  • yast2-pkg-bindings-debuginfo-3.1.20-3.3
  • libyui-qt-pkg-debugsource-2.44.7-3.2
  • PackageKit-debuginfo-0.8.16-11.15
  • gnome-packagekit-debugsource-3.10.1-8.13
  • gnome-packagekit-debuginfo-3.10.1-8.13
  • libzypp-debuginfo-14.39.0-10.1
  • libsolv-tools-debuginfo-0.6.11-8.1
  • libsolv-debugsource-0.6.11-8.1
  • libsolv-tools-0.6.11-8.1
  • python-solv-debuginfo-0.6.11-8.1
  • typelib-1_0-PackageKitGlib-1_0-0.8.16-11.15
  • libyui-ncurses-pkg6-2.46.1-3.4
  • libyui-ncurses-pkg-debugsource-2.46.1-3.4
  • zypper-debugsource-1.11.32-8.1
  • perl-solv-debuginfo-0.6.11-8.1
  • PackageKit-backend-zypp-debuginfo-0.8.16-11.15
  • yast2-pkg-bindings-debugsource-3.1.20-3.3
  • python-zypp-0.6.4-5.3
  • libyui-ncurses-pkg6-debuginfo-2.46.1-3.4
  • libyui-qt-pkg6-2.44.7-3.2
  • libyui-qt-pkg6-debuginfo-2.44.7-3.2
  • PackageKit-debugsource-0.8.16-11.15
  • perl-solv-0.6.11-8.1
  • libpackagekit-glib2-16-0.8.16-11.15
  • PackageKit-0.8.16-11.15
  • zypper-debuginfo-1.11.32-8.1
  • python-solv-0.6.11-8.1
  • libzypp-debugsource-14.39.0-10.1
  • zypper-1.11.32-8.1
  • libzypp-14.39.0-10.1
  • yast2-pkg-bindings-3.1.20-3.3
  • gnome-packagekit-3.10.1-8.13
  • PackageKit-backend-zypp-0.8.16-11.15
• SUSE Linux Enterprise Server for SAP Applications 12 (noarch)
  • gnome-packagekit-lang-3.10.1-8.13
  • zypper-log-1.11.32-8.1
  • PackageKit-lang-0.8.16-11.15
• SUSE Linux Enterprise Workstation Extension 12 (x86_64)
  • PackageKit-gstreamer-plugin-0.8.16-11.15
  • PackageKit-debugsource-0.8.16-11.15
  • PackageKit-gstreamer-plugin-debuginfo-0.8.16-11.15
  • PackageKit-debuginfo-0.8.16-11.15

References:

• https://www.suse.com/security/cve/CVE-2014-3566.html
• https://bugzilla.suse.com/show_bug.cgi?id=725867
• https://bugzilla.suse.com/show_bug.cgi?id=820693
• https://bugzilla.suse.com/show_bug.cgi?id=828631
• https://bugzilla.suse.com/show_bug.cgi?id=832519
• https://bugzilla.suse.com/show_bug.cgi?id=848054
• https://bugzilla.suse.com/show_bug.cgi?id=892431
• https://bugzilla.suse.com/show_bug.cgi?id=893294
• https://bugzilla.suse.com/show_bug.cgi?id=896224
• https://bugzilla.suse.com/show_bug.cgi?id=897301
• https://bugzilla.suse.com/show_bug.cgi?id=899510
• https://bugzilla.suse.com/show_bug.cgi?id=899603
• https://bugzilla.suse.com/show_bug.cgi?id=899781
• https://bugzilla.suse.com/show_bug.cgi?id=899907
• https://bugzilla.suse.com/show_bug.cgi?id=901590
• https://bugzilla.suse.com/show_bug.cgi?id=901691
• https://bugzilla.suse.com/show_bug.cgi?id=903405
• https://bugzilla.suse.com/show_bug.cgi?id=903675
• https://bugzilla.suse.com/show_bug.cgi?id=904737
• https://bugzilla.suse.com/show_bug.cgi?id=906549
• https://bugzilla.suse.com/show_bug.cgi?id=908135
• https://bugzilla.suse.com/show_bug.cgi?id=908345
• https://bugzilla.suse.com/show_bug.cgi?id=908976
• https://bugzilla.suse.com/show_bug.cgi?id=909143
• https://bugzilla.suse.com/show_bug.cgi?id=909244
• https://bugzilla.suse.com/show_bug.cgi?id=909772
• https://bugzilla.suse.com/show_bug.cgi?id=911335
• https://bugzilla.suse.com/show_bug.cgi?id=911658
• https://bugzilla.suse.com/show_bug.cgi?id=914258
• https://bugzilla.suse.com/show_bug.cgi?id=914284
• https://bugzilla.suse.com/show_bug.cgi?id=915461
• https://bugzilla.suse.com/show_bug.cgi?id=915928
• https://bugzilla.suse.com/show_bug.cgi?id=916254
• https://bugzilla.suse.com/show_bug.cgi?id=919709
• https://bugzilla.suse.com/show_bug.cgi?id=921332
• https://bugzilla.suse.com/show_bug.cgi?id=922352
• https://bugzilla.suse.com/show_bug.cgi?id=923800
• https://bugzilla.suse.com/show_bug.cgi?id=925678
• https://bugzilla.suse.com/show_bug.cgi?id=925696
• https://bugzilla.suse.com/show_bug.cgi?id=927319
• https://bugzilla.suse.com/show_bug.cgi?id=929483
• https://bugzilla.suse.com/show_bug.cgi?id=929528
• https://bugzilla.suse.com/show_bug.cgi?id=929593
• https://bugzilla.suse.com/show_bug.cgi?id=929990
• https://bugzilla.suse.com/show_bug.cgi?id=931601
• https://bugzilla.suse.com/show_bug.cgi?id=932393
• https://bugzilla.suse.com/show_bug.cgi?id=933277