{"affected":[{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.5-3.12.2","libsolv-tools":"0.7.5-3.12.2","libyui-ncurses-pkg-devel":"2.48.5.2-3.5.2","libyui-ncurses-pkg-doc":"2.48.5.2-3.5.3","libyui-ncurses-pkg8":"2.48.5.2-3.5.2","libyui-qt-pkg-doc":"2.45.15.2-3.5.3","libyui-qt-pkg8":"2.45.15.2-3.5.3","libzypp":"17.12.0-3.23.6","libzypp-devel":"17.12.0-3.23.6","python-solv":"0.7.5-3.12.2","yast2-pkg-bindings":"4.0.13-3.7.2","zypper":"1.14.28-3.18.6","zypper-log":"1.14.28-3.18.6"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"libsolv","purl":"pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.5-3.12.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.5-3.12.2","libsolv-tools":"0.7.5-3.12.2","libyui-ncurses-pkg-devel":"2.48.5.2-3.5.2","libyui-ncurses-pkg-doc":"2.48.5.2-3.5.3","libyui-ncurses-pkg8":"2.48.5.2-3.5.2","libyui-qt-pkg-doc":"2.45.15.2-3.5.3","libyui-qt-pkg8":"2.45.15.2-3.5.3","libzypp":"17.12.0-3.23.6","libzypp-devel":"17.12.0-3.23.6","python-solv":"0.7.5-3.12.2","yast2-pkg-bindings":"4.0.13-3.7.2","zypper":"1.14.28-3.18.6","zypper-log":"1.14.28-3.18.6"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 
15","name":"libyui-ncurses-pkg","purl":"pkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.48.5.2-3.5.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.5-3.12.2","libsolv-tools":"0.7.5-3.12.2","libyui-ncurses-pkg-devel":"2.48.5.2-3.5.2","libyui-ncurses-pkg-doc":"2.48.5.2-3.5.3","libyui-ncurses-pkg8":"2.48.5.2-3.5.2","libyui-qt-pkg-doc":"2.45.15.2-3.5.3","libyui-qt-pkg8":"2.45.15.2-3.5.3","libzypp":"17.12.0-3.23.6","libzypp-devel":"17.12.0-3.23.6","python-solv":"0.7.5-3.12.2","yast2-pkg-bindings":"4.0.13-3.7.2","zypper":"1.14.28-3.18.6","zypper-log":"1.14.28-3.18.6"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"libyui-ncurses-pkg-doc","purl":"pkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.48.5.2-3.5.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.5-3.12.2","libsolv-tools":"0.7.5-3.12.2","libyui-ncurses-pkg-devel":"2.48.5.2-3.5.2","libyui-ncurses-pkg-doc":"2.48.5.2-3.5.3","libyui-ncurses-pkg8":"2.48.5.2-3.5.2","libyui-qt-pkg-doc":"2.45.15.2-3.5.3","libyui-qt-pkg8":"2.45.15.2-3.5.3","libzypp":"17.12.0-3.23.6","libzypp-devel":"17.12.0-3.23.6","python-solv":"0.7.5-3.12.2","yast2-pkg-bindings":"4.0.13-3.7.2","zypper":"1.14.28-3.18.6","zypper-log":"1.14.28-3.18.6"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 
15","name":"libyui-qt-pkg","purl":"pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.45.15.2-3.5.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.5-3.12.2","libsolv-tools":"0.7.5-3.12.2","libyui-ncurses-pkg-devel":"2.48.5.2-3.5.2","libyui-ncurses-pkg-doc":"2.48.5.2-3.5.3","libyui-ncurses-pkg8":"2.48.5.2-3.5.2","libyui-qt-pkg-doc":"2.45.15.2-3.5.3","libyui-qt-pkg8":"2.45.15.2-3.5.3","libzypp":"17.12.0-3.23.6","libzypp-devel":"17.12.0-3.23.6","python-solv":"0.7.5-3.12.2","yast2-pkg-bindings":"4.0.13-3.7.2","zypper":"1.14.28-3.18.6","zypper-log":"1.14.28-3.18.6"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"libyui-qt-pkg-doc","purl":"pkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.45.15.2-3.5.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.5-3.12.2","libsolv-tools":"0.7.5-3.12.2","libyui-ncurses-pkg-devel":"2.48.5.2-3.5.2","libyui-ncurses-pkg-doc":"2.48.5.2-3.5.3","libyui-ncurses-pkg8":"2.48.5.2-3.5.2","libyui-qt-pkg-doc":"2.45.15.2-3.5.3","libyui-qt-pkg8":"2.45.15.2-3.5.3","libzypp":"17.12.0-3.23.6","libzypp-devel":"17.12.0-3.23.6","python-solv":"0.7.5-3.12.2","yast2-pkg-bindings":"4.0.13-3.7.2","zypper":"1.14.28-3.18.6","zypper-log":"1.14.28-3.18.6"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 
15","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"17.12.0-3.23.6"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.5-3.12.2","libsolv-tools":"0.7.5-3.12.2","libyui-ncurses-pkg-devel":"2.48.5.2-3.5.2","libyui-ncurses-pkg-doc":"2.48.5.2-3.5.3","libyui-ncurses-pkg8":"2.48.5.2-3.5.2","libyui-qt-pkg-doc":"2.45.15.2-3.5.3","libyui-qt-pkg8":"2.45.15.2-3.5.3","libzypp":"17.12.0-3.23.6","libzypp-devel":"17.12.0-3.23.6","python-solv":"0.7.5-3.12.2","yast2-pkg-bindings":"4.0.13-3.7.2","zypper":"1.14.28-3.18.6","zypper-log":"1.14.28-3.18.6"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"yast2-pkg-bindings","purl":"pkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.13-3.7.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.5-3.12.2","libsolv-tools":"0.7.5-3.12.2","libyui-ncurses-pkg-devel":"2.48.5.2-3.5.2","libyui-ncurses-pkg-doc":"2.48.5.2-3.5.3","libyui-ncurses-pkg8":"2.48.5.2-3.5.2","libyui-qt-pkg-doc":"2.45.15.2-3.5.3","libyui-qt-pkg8":"2.45.15.2-3.5.3","libzypp":"17.12.0-3.23.6","libzypp-devel":"17.12.0-3.23.6","python-solv":"0.7.5-3.12.2","yast2-pkg-bindings":"4.0.13-3.7.2","zypper":"1.14.28-3.18.6","zypper-log":"1.14.28-3.18.6"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 
15","name":"zypper","purl":"pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.14.28-3.18.6"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"PackageKit":"1.1.10-4.10.4","PackageKit-backend-zypp":"1.1.10-4.10.4","PackageKit-devel":"1.1.10-4.10.4","PackageKit-lang":"1.1.10-4.10.4","libpackagekit-glib2-18":"1.1.10-4.10.4","libpackagekit-glib2-devel":"1.1.10-4.10.4","libyui-qt-pkg-devel":"2.45.15.2-3.5.3","typelib-1_0-PackageKitGlib-1_0":"1.1.10-4.10.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15","name":"PackageKit","purl":"pkg:rpm/suse/PackageKit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.10-4.10.4"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"PackageKit":"1.1.10-4.10.4","PackageKit-backend-zypp":"1.1.10-4.10.4","PackageKit-devel":"1.1.10-4.10.4","PackageKit-lang":"1.1.10-4.10.4","libpackagekit-glib2-18":"1.1.10-4.10.4","libpackagekit-glib2-devel":"1.1.10-4.10.4","libyui-qt-pkg-devel":"2.45.15.2-3.5.3","typelib-1_0-PackageKitGlib-1_0":"1.1.10-4.10.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15","name":"libyui-qt-pkg","purl":"pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.45.15.2-3.5.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"perl-solv":"0.7.5-3.12.2","python3-solv":"0.7.5-3.12.2","ruby-solv":"0.7.5-3.12.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 
15","name":"libsolv","purl":"pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.5-3.12.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"PackageKit-gstreamer-plugin":"1.1.10-4.10.4","PackageKit-gtk3-module":"1.1.10-4.10.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15","name":"PackageKit","purl":"pkg:rpm/suse/PackageKit&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.10-4.10.4"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libzypp and libsolv fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629).\n- CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630).\n- CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631).\n\nFixed bugs and enhancements:\n\n- make cleandeps jobs on patterns work (bnc#1137977)\n- Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749).    
\n- Virtualization host upgrade from SLES-15 to SLES-15-SP1 finished with wrong product name shown up (bsc#1131823).\n- Copy pattern categories from the rpm that defines the pattern (fate#323785).\n- Enhance scanning /sys for modaliases (bsc#1130161).\n- Prevent SEGV if the application sets an empty TextLocale (bsc#1127026).\n- Handle libgpgme error when gpg key is not completely read and user hits CTRL + C (bsc#1127220).\n- Added a hint when registration codes have expired (bsc#965786).\n- Adds better handling of an error when verifying any repository medium (bsc#1065022).\n- Will now only write type field when probing (bsc#1114908).\n- Fixes an issue where zypper showed the info message 'Installation aborted by user' while the installation was aborted by wicked (bsc#978193).\n- Suppresses reporting `/memfd:` pseudo files (bsc#1123843).\n- Fixes an issue where zypper was not able to install or uninstall packages when rpm is unavailable (bsc#1122471).\n- Fixes an issue where locks were ignored (bsc#1113296).\n- Simplify complex locks so zypper can display them (bsc#1112911).\n- zypper will now set `SYSTEMD_OFFLINE=1` during chrooted commits (bsc#1118758).\n- no-recommends: Nevertheless consider resolver namespaces (hardware, language,..supporting packages) (fate#325513).\n- Removes world-readable bit from /var/log/zypp (bsc#1099019).\n- No longer fails service-refresh on an empty repoindex.xml (bsc#1116840).\n- Fixes soname due to libsolv ABI changes (bsc#1115341).\n- Add infrastructure to flag specific packages to trigger a reboot needed hint (fate#326451).\n\nThis update for zypper 1.14.27 fixes the following issues:\n\n- bash-completion: add package completion for addlock (bsc#1047962)\n- bash-completion: fix incorrect detection of command names (bsc#1049826)\n\n- Offer to change the 'runSearchPackages' config option at the prompt\n  (bsc#1119373, FATE#325599)\n- Prompt: provide a 'yes/no/always/never' prompt.\n- Prompt: support '#NUM' as answer to 
select the NUMth option...\n- Augeas: enable writing back changed option values (to ~/.zypper.conf)\n- removelocale: fix segfault\n- Move needs-restarting command to subpackage (fixes #254)\n- Allow empty string as argument (bsc#1125415)\n- Provide a way to delete cache for volatile repositories (bsc#1053177)\n- Adapt to boost-1.69 requiring explicit casts tribool->bool (fixes #255)\n- Show support status in info if not unknown (bsc#764147)\n- Fix installing plain rpm files with `zypper in` (bsc#1124897)\n- Show only required info in the summary in quiet mode (bsc#993025)\n- Stay with legacy behavior and return ZYPPER_EXIT_INF_REBOOT_NEEDED\n  only for patches. We don't extend this return code to packages,\n  although they may also carry the 'reboot-needed' attribute. The\n  preferred way to test whether the system needs to be rebooted is\n  `zypper needs-rebooting`. (openSUSE/zypper#237)\n- Skip repository on error (bsc#1123967)\n- New commands for locale management: locales addlocale removelocale\n  Inspect and manipulate the systems `requested locales`, aka. 
the\n  languages software packages should try to support by installing\n  translations, dictionaries and tools, as far as they are available.\n- Don't throw, just warn if options are repeated (bsc#1123865)\n- Fix detection whether stdout is a tty (happened too late)\n- Fix broken --plus-content switch (fixes bsc#1123681)\n- Fix broken --replacefiles switch (fixes bsc#1123137)\n- Extend zypper source-install (fixes bsc#663358)\n- Fix inconsistent results for search (bsc#1119873)\n- Show reboot hint in zypper ps and summary (fixes bsc#1120263)\n- Improve handling of partially locked packages (bsc#1113296)\n- Fix wrong default values in help text (bsc#1121611)\n- Fixed broken argument parsing for --reposd-dir (bsc#1122062)\n- Fix wrong zypp::indeterminate use (bsc#1120463)\n- CLI parser: fix broken initialization enforcing 'select by name'\n  (bsc#1119820)\n- zypper.conf: [commit] autoAgreeWithLicenses {=false} (fixes #220)\n- locks: Fix printing of versioned locks (bsc#1112911)\n- locks: create and write versioned locks correctly (bsc#1112911)\n- patch: --with update may implicitly assume --with-optional (bsc#1102261)\n- no-recommends: Nevertheless consider resolver namespaces (hardware,\n  language,..supporting packages) (FATE#325513)\n- Optionally run 'zypper search-packages' after 'search' (FATE#325599)\n- zypper.conf: Add [search]runSearchPackages config variable.\n- Don't iterate twice on --no-cd (bsc#1111319)\n- zypper-log: Make it Python 3 compatible\n- man: mention /etc/zypp/needreboot config file (fate#326451, fixes #140)\n- Add `needs-restarting` shell script and manpage (fate#326451)\n- Add zypper needs-rebooting command (fate#326451)\n- Introduce new zypper command framework. 
Migrated commands so far:\n  addlock addrepo addservice clean cleanlocks modifyrepo modifyservice\n  ps refresh refresh-services removelock removerepo removeservice\n  renamerepo repos services\n- MediaChangeReport: fix https URLs causing 2 prompts on error\n  (bsc#1110542)\n","id":"SUSE-SU-2019:2030-1","modified":"2019-07-31T16:34:56Z","published":"2019-07-31T16:34:56Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20192030-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047962"},{"type":"REPORT","url":"https://bugzilla.suse.com/1049826"},{"type":"REPORT","url":"https://bugzilla.suse.com/1053177"},{"type":"REPORT","url":"https://bugzilla.suse.com/1065022"},{"type":"REPORT","url":"https://bugzilla.suse.com/1099019"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102261"},{"type":"REPORT","url":"https://bugzilla.suse.com/1110542"},{"type":"REPORT","url":"https://bugzilla.suse.com/1111319"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112911"},{"type":"REPORT","url":"https://bugzilla.suse.com/1113296"},{"type":"REPORT","url":"https://bugzilla.suse.com/1114908"},{"type":"REPORT","url":"https://bugzilla.suse.com/1115341"},{"type":"REPORT","url":"https://bugzilla.suse.com/1116840"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118758"},{"type":"REPORT","url":"https://bugzilla.suse.com/1119373"},{"type":"REPORT","url":"https://bugzilla.suse.com/1119820"},{"type":"REPORT","url":"https://bugzilla.suse.com/1119873"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120263"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120463"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120629"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120630"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120631"},{"type":"REPORT","url":"https://bugzilla.suse.com/1121611"},{"type":"REPORT","url":"https://bugzilla.suse.com/1122062"},{"type":"REPORT","url":"https://bugzilla.suse.com/1122471"},{"type":"R
EPORT","url":"https://bugzilla.suse.com/1123137"},{"type":"REPORT","url":"https://bugzilla.suse.com/1123681"},{"type":"REPORT","url":"https://bugzilla.suse.com/1123843"},{"type":"REPORT","url":"https://bugzilla.suse.com/1123865"},{"type":"REPORT","url":"https://bugzilla.suse.com/1123967"},{"type":"REPORT","url":"https://bugzilla.suse.com/1124897"},{"type":"REPORT","url":"https://bugzilla.suse.com/1125415"},{"type":"REPORT","url":"https://bugzilla.suse.com/1127026"},{"type":"REPORT","url":"https://bugzilla.suse.com/1127155"},{"type":"REPORT","url":"https://bugzilla.suse.com/1127220"},{"type":"REPORT","url":"https://bugzilla.suse.com/1130161"},{"type":"REPORT","url":"https://bugzilla.suse.com/1131823"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135749"},{"type":"REPORT","url":"https://bugzilla.suse.com/1137977"},{"type":"REPORT","url":"https://bugzilla.suse.com/663358"},{"type":"REPORT","url":"https://bugzilla.suse.com/764147"},{"type":"REPORT","url":"https://bugzilla.suse.com/965786"},{"type":"REPORT","url":"https://bugzilla.suse.com/978193"},{"type":"REPORT","url":"https://bugzilla.suse.com/993025"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20532"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20533"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20534"}],"related":["CVE-2018-20532","CVE-2018-20533","CVE-2018-20534"],"summary":"Security update for zypper, libzypp and libsolv","upstream":["CVE-2018-20532","CVE-2018-20533","CVE-2018-20534"]}