{"affected":[{"ecosystem_specific":{"binaries":[{"libzypp":"16.15.2-27.21.1","zypper":"1.13.30-18.13.3","zypper-log":"1.13.30-18.13.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP2","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"16.15.2-27.21.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libzypp":"16.15.2-27.21.1","zypper":"1.13.30-18.13.3","zypper-log":"1.13.30-18.13.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP2","name":"zypper","purl":"pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.13.30-18.13.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libzypp":"16.15.2-27.21.1","zypper":"1.13.30-18.13.3","zypper-log":"1.13.30-18.13.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"16.15.2-27.21.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libzypp":"16.15.2-27.21.1","zypper":"1.13.30-18.13.3","zypper-log":"1.13.30-18.13.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"zypper","purl":"pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.13.30-18.13.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libzypp-devel":"16.15.2-27.21.1","libzypp-devel-doc":"16.15.2-27.21.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP2","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"16.15.2-27.21.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libzypp":"16.15.2-27.21.1","zypper":"1.13.30-18.13.3","zypper-log":"1.13.30-18.13.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"16.15.2-27.21.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libzypp":"16.15.2-27.21.1","zypper":"1.13.30-18.13.3","zypper-log":"1.13.30-18.13.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"zypper","purl":"pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.13.30-18.13.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libzypp":"16.15.2-27.21.1","zypper":"1.13.30-18.13.3","zypper-log":"1.13.30-18.13.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"16.15.2-27.21.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libzypp":"16.15.2-27.21.1","zypper":"1.13.30-18.13.3","zypper-log":"1.13.30-18.13.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"zypper","purl":"pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.13.30-18.13.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"The Software Update Stack was updated to receive fixes and enhancements.\n\nlibzypp:\n\nSecurity issues fixed:\n- CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned\n  repositories and packages. (bsc#1045735, bsc#1038984)\n\nBug fixes:\n- Re-probe on refresh if the repository type changes. (bsc#1048315)\n- Propagate proper error code to DownloadProgressReport. (bsc#1047785)\n- Allow to trigger an appdata refresh unconditionally. (bsc#1009745)\n- Support custom repo variables defined in /etc/zypp/vars.d.\n- Adapt loop mounting of ISO images. (bsc#1038132, bsc#1033236)\n- Fix potential crash if repository has no baseurl. (bsc#1043218)\n\nzypper:\n\n- Adapt download callback to report and handle unsigned packages. (bsc#1038984)\n- Report missing/optional files as 'not found' rather than 'error'. (bsc#1047785)\n- Document support for custom repository variables defined in /etc/zypp/vars.d.\n- Emphasize that it depends on how fast PackageKit will respond to a 'quit' request sent\n  if PK blocks package management.\n","id":"SUSE-SU-2017:2040-1","modified":"2017-08-03T14:42:36Z","published":"2017-08-03T14:42:36Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20172040-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1009745"},{"type":"REPORT","url":"https://bugzilla.suse.com/1031756"},{"type":"REPORT","url":"https://bugzilla.suse.com/1033236"},{"type":"REPORT","url":"https://bugzilla.suse.com/1038132"},{"type":"REPORT","url":"https://bugzilla.suse.com/1038984"},{"type":"REPORT","url":"https://bugzilla.suse.com/1043218"},{"type":"REPORT","url":"https://bugzilla.suse.com/1045735"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047785"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048315"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7435"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7436"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9269"}],"related":["CVE-2017-7435","CVE-2017-7436","CVE-2017-9269"],"summary":"Security update for libzypp, zypper","upstream":["CVE-2017-7435","CVE-2017-7436","CVE-2017-9269"]}