Recommended update for libzypp, zypper, libsolv and PackageKit
Announcement ID: | SUSE-RU-2019:2742-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: | |
Affected Products: | |
An update that solves three vulnerabilities and has 18 fixes can now be installed.
Description:
This update for libzypp, zypper, libsolv and PackageKit fixes the following issues:
Security issues fixed in libsolv:
- CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629).
- CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630).
- CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631).
Other issues addressed in libsolv:
- Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749).
- Fixed an issue with the package name (bsc#1131823).
- repo_add_rpmdb: do not copy bad solvables from the old solv file
- Fixed an issue with cleandeps updates in which all packages were not updated
- Experimental DISTTYPE_CONDA and REL_CONDA support
- Fixed cleandeps jobs when using patterns (bsc#1137977)
- Fixed favorq leaking between solver runs if the solver is reused
- Fixed SOLVER_FLAG_FOCUS_BEST updating packages without reason
- Be more correct with multiversion packages that obsolete their own name (bnc#1127155)
- Fix repository priority handling for multiversion packages
- Make code compatible with swig 4.0, remove obj0 instances
- repo2solv: support zchunk compressed data
- Remove NO_BRP_STRIP_DEBUG=true as brp-15-strip-debug will not strip debug info for archives
Issues fixed in libzypp:
- Fix empty metalink downloads if filesize is unknown (bsc#1153557)
- Recognize riscv64 as architecture
- Fix installation of new header file (fixes #185)
- zypp.conf: Introduce solver.focus to define the resolver's general attitude when resolving jobs. (bsc#1146415)
- New container detection algorithm for zypper ps (bsc#1146947)
- Fix leaking filedescriptors in MediaCurl. (bsc#1116995)
- Run file conflict check on dry-run. (bsc#1140039)
- Do not remove orphan products if the .prod file is owned by a package. (bsc#1139795)
- Rephrase file conflict check summary. (bsc#1140039)
- Fix bash completions option detection. (bsc#1049825)
- Fixes a bug where zypper exited on SIGPIPE when downloading packages (bsc#1145521)
- Fixes an issue where zypper exited with a segmentation fault when updating via YaST2 (bsc#1146027)
- PublicKey::algoName: supply key algorithm and length
Issues fixed in zypper:
- Update to version 1.14.30
- Ignore SIGPIPE while STDOUT/STDERR are OK (bsc#1145521)
- Dump stacktrace on SIGPIPE (bsc#1145521)
- info: The requested info must be shown in QUIET mode (fixes #287)
- Fix local/remote url classification.
- Rephrase file conflict check summary (bsc#1140039)
- Fix bash completions option detection (bsc#1049825)
- man: split '--with[out]' like options to ease searching.
- Unhid 'ps' command in help
- Added option to show more conflict information
- Rephrased zypper ps hint (bsc#859480)
- Fixed repo refresh not returning 106-ZYPPER_EXIT_INF_REPOS_SKIPPED if --root is used (bsc#1134226)
- Fixed unknown package handling in zypper install (bsc#1127608)
- Re-show progress bar after pressing retry upon install error (bsc#1131113)
Issues fixed in PackageKit:
- Port the cron configuration variables to the systemd timer script, and add -sendwait parameter to mail in the script (bsc#1130306).
Special Instructions and Notes:
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- Basesystem Module 15-SP1
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2742=1
- Desktop Applications Module 15-SP1
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2742=1
- Development Tools Module 15-SP1
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2742=1
- SUSE Package Hub 15 15-SP1
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2019-2742=1
- SUSE Linux Enterprise Workstation Extension 15 SP1
  zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2742=1
Package List:
- Basesystem Module 15-SP1 (aarch64 ppc64le s390x x86_64)
  - libzypp-debugsource-17.15.0-3.9.1
  - libyui-qt-pkg-debugsource-2.45.27-3.3.5
  - libsolv-devel-debuginfo-0.7.6-3.7.2
  - libyui-qt-pkg9-2.45.27-3.3.5
  - libsolv-debugsource-0.7.6-3.7.2
  - libsolv-debuginfo-0.7.6-3.7.2
  - libyui-ncurses-pkg9-debuginfo-2.48.9-7.3.5
  - libsolv-tools-0.7.6-3.7.2
  - yast2-pkg-bindings-debuginfo-4.1.2-3.3.5
  - python3-solv-0.7.6-3.7.2
  - zypper-1.14.30-3.7.2
  - libzypp-17.15.0-3.9.1
  - yast2-pkg-bindings-debugsource-4.1.2-3.3.5
  - libsolv-tools-debuginfo-0.7.6-3.7.2
  - python3-solv-debuginfo-0.7.6-3.7.2
  - libyui-ncurses-pkg9-2.48.9-7.3.5
  - yast2-pkg-bindings-4.1.2-3.3.5
  - zypper-debuginfo-1.14.30-3.7.2
  - libyui-qt-pkg9-debuginfo-2.45.27-3.3.5
  - libyui-ncurses-pkg-debugsource-2.48.9-7.3.5
  - zypper-debugsource-1.14.30-3.7.2
  - libsolv-devel-0.7.6-3.7.2
  - libzypp-debuginfo-17.15.0-3.9.1
  - libzypp-devel-17.15.0-3.9.1
  - libyui-ncurses-pkg-devel-2.48.9-7.3.5
- Basesystem Module 15-SP1 (noarch)
  - libyui-qt-pkg-doc-2.45.27-3.3.3
  - libyui-ncurses-pkg-doc-2.48.9-7.3.3
  - zypper-needs-restarting-1.14.30-3.7.2
  - zypper-log-1.14.30-3.7.2
- Desktop Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64)
  - libpackagekit-glib2-18-1.1.10-12.3.5
  - PackageKit-1.1.10-12.3.5
  - typelib-1_0-PackageKitGlib-1_0-1.1.10-12.3.5
  - libyui-qt-pkg-debugsource-2.45.27-3.3.5
  - libyui-qt-pkg-devel-2.45.27-3.3.5
  - PackageKit-debugsource-1.1.10-12.3.5
  - PackageKit-debuginfo-1.1.10-12.3.5
  - PackageKit-devel-1.1.10-12.3.5
  - PackageKit-devel-debuginfo-1.1.10-12.3.5
  - libpackagekit-glib2-devel-1.1.10-12.3.5
  - PackageKit-backend-zypp-debuginfo-1.1.10-12.3.5
  - PackageKit-backend-zypp-1.1.10-12.3.5
  - libpackagekit-glib2-18-debuginfo-1.1.10-12.3.5
- Desktop Applications Module 15-SP1 (noarch)
  - PackageKit-lang-1.1.10-12.3.5
- Development Tools Module 15-SP1 (aarch64 ppc64le s390x x86_64)
  - perl-solv-0.7.6-3.7.2
  - ruby-solv-debuginfo-0.7.6-3.7.2
  - perl-solv-debuginfo-0.7.6-3.7.2
  - libsolv-debugsource-0.7.6-3.7.2
  - libsolv-debuginfo-0.7.6-3.7.2
  - ruby-solv-0.7.6-3.7.2
- SUSE Package Hub 15 15-SP1 (aarch64 ppc64le s390x x86_64)
  - python-solv-debuginfo-0.7.6-3.7.2
  - libsolv-debuginfo-0.7.6-3.7.2
  - python-solv-0.7.6-3.7.2
  - libsolv-debugsource-0.7.6-3.7.2
- SUSE Linux Enterprise Workstation Extension 15 SP1 (x86_64)
  - PackageKit-gstreamer-plugin-1.1.10-12.3.5
  - PackageKit-gtk3-module-1.1.10-12.3.5
  - PackageKit-gtk3-module-debuginfo-1.1.10-12.3.5
  - PackageKit-debugsource-1.1.10-12.3.5
  - PackageKit-debuginfo-1.1.10-12.3.5
  - PackageKit-gstreamer-plugin-debuginfo-1.1.10-12.3.5
References:
- https://www.suse.com/security/cve/CVE-2018-20532.html
- https://www.suse.com/security/cve/CVE-2018-20533.html
- https://www.suse.com/security/cve/CVE-2018-20534.html
- https://bugzilla.suse.com/show_bug.cgi?id=1049825
- https://bugzilla.suse.com/show_bug.cgi?id=1116995
- https://bugzilla.suse.com/show_bug.cgi?id=1120629
- https://bugzilla.suse.com/show_bug.cgi?id=1120630
- https://bugzilla.suse.com/show_bug.cgi?id=1120631
- https://bugzilla.suse.com/show_bug.cgi?id=1127155
- https://bugzilla.suse.com/show_bug.cgi?id=1127608
- https://bugzilla.suse.com/show_bug.cgi?id=1130306
- https://bugzilla.suse.com/show_bug.cgi?id=1131113
- https://bugzilla.suse.com/show_bug.cgi?id=1131823
- https://bugzilla.suse.com/show_bug.cgi?id=1134226
- https://bugzilla.suse.com/show_bug.cgi?id=1135749
- https://bugzilla.suse.com/show_bug.cgi?id=1137977
- https://bugzilla.suse.com/show_bug.cgi?id=1139795
- https://bugzilla.suse.com/show_bug.cgi?id=1140039
- https://bugzilla.suse.com/show_bug.cgi?id=1145521
- https://bugzilla.suse.com/show_bug.cgi?id=1146027
- https://bugzilla.suse.com/show_bug.cgi?id=1146415
- https://bugzilla.suse.com/show_bug.cgi?id=1146947
- https://bugzilla.suse.com/show_bug.cgi?id=1153557
- https://bugzilla.suse.com/show_bug.cgi?id=859480