{"affected":[{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.10-3.13.4","libsolv-tools":"0.7.10-3.13.4","libzypp":"17.19.0-3.14.5","libzypp-devel":"17.19.0-3.14.5","python3-solv":"0.7.10-3.13.4","zypper":"1.14.33-3.13.5","zypper-log":"1.14.33-3.13.5","zypper-needs-restarting":"1.14.33-3.13.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"libsolv","purl":"pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.10-3.13.4"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.10-3.13.4","libsolv-tools":"0.7.10-3.13.4","libzypp":"17.19.0-3.14.5","libzypp-devel":"17.19.0-3.14.5","python3-solv":"0.7.10-3.13.4","zypper":"1.14.33-3.13.5","zypper-log":"1.14.33-3.13.5","zypper-needs-restarting":"1.14.33-3.13.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"17.19.0-3.14.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.10-3.13.4","libsolv-tools":"0.7.10-3.13.4","libzypp":"17.19.0-3.14.5","libzypp-devel":"17.19.0-3.14.5","python3-solv":"0.7.10-3.13.4","zypper":"1.14.33-3.13.5","zypper-log":"1.14.33-3.13.5","zypper-needs-restarting":"1.14.33-3.13.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"zypper","purl":"pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.14.33-3.13.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"perl-solv":"0.7.10-3.13.4","ruby-solv":"0.7.10-3.13.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP1","name":"libsolv","purl":"pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.10-3.13.4"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python-solv":"0.7.10-3.13.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP1","name":"libsolv","purl":"pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.10-3.13.4"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libsolv, libzypp, zypper fixes the following issues:\n\n\nSecurity issue fixed:\n\n- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).\n\nBug fixes\n\n- Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819).\n- Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198).\n- Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678).                                            \n- Load only target resolvables for zypper rm (bsc#1157377).\n- Fix broken search by filelist (bsc#1135114).\n- Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158).\n- Do not sort out requested locales which are not available (bsc#1155678).\n- Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805).                                                              \n- XML add patch issue-date and issue-list (bsc#1154805).\n- Fix zypper lp --cve/bugzilla/issue options (bsc#1155298).\n- Always execute commit when adding/removing locales (fixes bsc#1155205).\n- Fix description of --table-style,-s in man page (bsc#1154804).\n","id":"SUSE-SU-2020:0432-1","modified":"2020-02-21T13:34:31Z","published":"2020-02-21T13:34:31Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20200432-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135114"},{"type":"REPORT","url":"https://bugzilla.suse.com/1154804"},{"type":"REPORT","url":"https://bugzilla.suse.com/1154805"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155198"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155205"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155298"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155678"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155819"},{"type":"REPORT","url":"https://bugzilla.suse.com/1156158"},{"type":"REPORT","url":"https://bugzilla.suse.com/1157377"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158763"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18900"}],"related":["CVE-2019-18900"],"summary":"Security update for libsolv, libzypp, zypper","upstream":["CVE-2019-18900"]}