Test ID:
Category: SuSE Local Security Checks
Title: SuSE Update for libzypp, openSUSE-SU-2018:2739-1 (libzypp, )
Summary: The remote host is missing an update for the 'libzypp, ' package(s) announced via the openSUSE-SU-2018:2739_1 advisory.

Vulnerability Insight:
This update for libzypp, zypper, libsolv provides the following fixes:

Security fixes in libzypp:

- CVE-2018-7685: PackageProvider: Validate RPMs before caching
(bsc#1091624, bsc#1088705)

- CVE-2017-9269: Be sure bad packages do not stay in the cache

Changes in libzypp:

- Update to version 17.6.4

- Automatically fetch repository signing key from gpgkey url (bsc#1088037)

- lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304)

- Check for not imported keys after multi key import from rpmdb

- Flags: make it std=c++14 ready

- Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617)

- Show GPGME version in log

- Adapt to changes in libgpgme11-11.1.0 breaking the signature
verification (bsc#1100427)

- RepoInfo::provideKey: add report telling where we look for missing keys.

- Support listing gpgkey URLs in repo files (bsc#1088037)

- Add new report to request user approval for importing a package key

- Handle http error 502 Bad Gateway in curl backend (bsc#1070851)

- Add filesize check for downloads with known size (bsc#408814)

- Removed superfluous space in translation (bsc#1102019)

- Prevent the system from sleeping during a commit

- RepoManager: Explicitly request repo2solv to generate application pseudo

- libzypp-devel should not require cmake (bsc#1101349)

- Avoid zombies from ExternalProgram

- Update ApiConfig

- HardLocksFile: Prevent against empty commit without Target having been
loaded (bsc#1096803)

- lsof: use '-K i' if lsof supports it (bsc#1099847)

- Add filesize check for downloads with known size (bsc#408814)

- Fix detection of metalink downloads and prevent aborting if a metalink
file is larger than the expected data file.

- Require libsolv-devel = 0.6.35 during build (fixing bsc#1100095)

- Make use of %license macro (bsc#1082318)

Security fix in zypper:

- CVE-2017-9269: Improve signature check callback messages (bsc#1045735)

Changes in zypper:

- Always set error status if any nr of unknown repositories are passed to
lr and ref (bsc#1093103)

- Notify user about unsupported rpm V3 keys in an old rpm database

- Detect read only filesystem on system modifying operations (fixes #199)

- Use %license (bsc#1082318)

- Handle repo aliases containing multiple ':' in the PackageArgs parser
(bsc#1041178)

- Fix broken display of detailed query results.

- Fix broken search for items with a dash. (bsc#907538, bsc#1043166,

- Disable repository operations when searching installed packages.

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
libzypp, on openSUSE Leap 15.0.

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-9269
SuSE Security Announcement: SUSE-SU-2017:2040
Common Vulnerability Exposure (CVE) ID: CVE-2018-7685

Copyright: Copyright (C) 2018 Greenbone Networks GmbH

© 1998-2019 E-Soft Inc. All rights reserved.