{"affected":[{"ecosystem_specific":{"binaries":[{"libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","zypper":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Installer Updates 15","name":"libsolv","purl":"pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.22-150000.3.51.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","zypper":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Installer Updates 15","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"17.30.0-150000.3.95.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","zypper":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Installer Updates 15","name":"zypper","purl":"pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.14.52-150000.3.69.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.22-150000.3.51.1","libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","libzypp-devel":"17.30.0-150000.3.95.1","perl-solv":"0.7.22-150000.3.51.1","python-solv":"0.7.22-150000.3.51.1","python3-solv":"0.7.22-150000.3.51.1","ruby-solv":"0.7.22-150000.3.51.1","zypper":"1.14.52-150000.3.69.2","zypper-log":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-ESPOS","name":"libsolv","purl":"pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.22-150000.3.51.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.22-150000.3.51.1","libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","libzypp-devel":"17.30.0-150000.3.95.1","perl-solv":"0.7.22-150000.3.51.1","python-solv":"0.7.22-150000.3.51.1","python3-solv":"0.7.22-150000.3.51.1","ruby-solv":"0.7.22-150000.3.51.1","zypper":"1.14.52-150000.3.69.2","zypper-log":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-ESPOS","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"17.30.0-150000.3.95.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.22-150000.3.51.1","libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","libzypp-devel":"17.30.0-150000.3.95.1","perl-solv":"0.7.22-150000.3.51.1","python-solv":"0.7.22-150000.3.51.1","python3-solv":"0.7.22-150000.3.51.1","ruby-solv":"0.7.22-150000.3.51.1","zypper":"1.14.52-150000.3.69.2","zypper-log":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-ESPOS","name":"zypper","purl":"pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.14.52-150000.3.69.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.22-150000.3.51.1","libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","libzypp-devel":"17.30.0-150000.3.95.1","perl-solv":"0.7.22-150000.3.51.1","python-solv":"0.7.22-150000.3.51.1","python3-solv":"0.7.22-150000.3.51.1","ruby-solv":"0.7.22-150000.3.51.1","zypper":"1.14.52-150000.3.69.2","zypper-log":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-LTSS","name":"libsolv","purl":"pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.22-150000.3.51.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.22-150000.3.51.1","libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","libzypp-devel":"17.30.0-150000.3.95.1","perl-solv":"0.7.22-150000.3.51.1","python-solv":"0.7.22-150000.3.51.1","python3-solv":"0.7.22-150000.3.51.1","ruby-solv":"0.7.22-150000.3.51.1","zypper":"1.14.52-150000.3.69.2","zypper-log":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-LTSS","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"17.30.0-150000.3.95.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.22-150000.3.51.1","libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","libzypp-devel":"17.30.0-150000.3.95.1","perl-solv":"0.7.22-150000.3.51.1","python-solv":"0.7.22-150000.3.51.1","python3-solv":"0.7.22-150000.3.51.1","ruby-solv":"0.7.22-150000.3.51.1","zypper":"1.14.52-150000.3.69.2","zypper-log":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-LTSS","name":"zypper","purl":"pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.14.52-150000.3.69.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.22-150000.3.51.1","libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","libzypp-devel":"17.30.0-150000.3.95.1","perl-solv":"0.7.22-150000.3.51.1","python-solv":"0.7.22-150000.3.51.1","python3-solv":"0.7.22-150000.3.51.1","ruby-solv":"0.7.22-150000.3.51.1","zypper":"1.14.52-150000.3.69.2","zypper-log":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15-LTSS","name":"libsolv","purl":"pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.22-150000.3.51.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.22-150000.3.51.1","libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","libzypp-devel":"17.30.0-150000.3.95.1","perl-solv":"0.7.22-150000.3.51.1","python-solv":"0.7.22-150000.3.51.1","python3-solv":"0.7.22-150000.3.51.1","ruby-solv":"0.7.22-150000.3.51.1","zypper":"1.14.52-150000.3.69.2","zypper-log":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15-LTSS","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"17.30.0-150000.3.95.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.22-150000.3.51.1","libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","libzypp-devel":"17.30.0-150000.3.95.1","perl-solv":"0.7.22-150000.3.51.1","python-solv":"0.7.22-150000.3.51.1","python3-solv":"0.7.22-150000.3.51.1","ruby-solv":"0.7.22-150000.3.51.1","zypper":"1.14.52-150000.3.69.2","zypper-log":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15-LTSS","name":"zypper","purl":"pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.14.52-150000.3.69.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.22-150000.3.51.1","libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","libzypp-devel":"17.30.0-150000.3.95.1","perl-solv":"0.7.22-150000.3.51.1","python-solv":"0.7.22-150000.3.51.1","python3-solv":"0.7.22-150000.3.51.1","ruby-solv":"0.7.22-150000.3.51.1","zypper":"1.14.52-150000.3.69.2","zypper-log":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15","name":"libsolv","purl":"pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.22-150000.3.51.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.22-150000.3.51.1","libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","libzypp-devel":"17.30.0-150000.3.95.1","perl-solv":"0.7.22-150000.3.51.1","python-solv":"0.7.22-150000.3.51.1","python3-solv":"0.7.22-150000.3.51.1","ruby-solv":"0.7.22-150000.3.51.1","zypper":"1.14.52-150000.3.69.2","zypper-log":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"17.30.0-150000.3.95.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.7.22-150000.3.51.1","libsolv-tools":"0.7.22-150000.3.51.1","libzypp":"17.30.0-150000.3.95.1","libzypp-devel":"17.30.0-150000.3.95.1","perl-solv":"0.7.22-150000.3.51.1","python-solv":"0.7.22-150000.3.51.1","python3-solv":"0.7.22-150000.3.51.1","ruby-solv":"0.7.22-150000.3.51.1","zypper":"1.14.52-150000.3.69.2","zypper-log":"1.14.52-150000.3.69.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15","name":"zypper","purl":"pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.14.52-150000.3.69.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libsolv, libzypp, zypper fixes the following issues:\n\nSecurity relevant fix:\n\n- Harden package signature checks (bsc#1184501).\n\nlibsolv to 0.7.22:\n\n- reworked choice rule generation to cover more usecases\n- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)\n- support parsing of Debian's Multi-Arch indicator\n\n- fix segfault on conflict resolution when using bindings\n- fix split provides not working if the update includes a forbidden vendor change\n- support strict repository priorities\n  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY\n- support zstd compressed control files in debian packages\n- add an ifdef allowing to rename Solvable dependency members\n  ('requires' is a keyword in C++20)\n- support setting/reading userdata in solv files\n  new functions: repowriter_set_userdata, solv_read_userdata\n- support queying of the custom vendor check function\n  new function: pool_get_custom_vendorcheck\n- support solv files with an idarray block\n- allow accessing the toolversion at runtime\n\nlibzypp to 17.30.0:\n\n- ZConfig: Update solver settings if target changes (bsc#1196368)\n- Fix possible hang in singletrans mode (bsc#1197134)\n- Do 2 retries if mount is still busy.\n- Fix package signature check (bsc#1184501)\n  Pay attention that header and payload are secured by a valid\n  signature and report more detailed which signature is missing.\n- Retry umount if device is busy (bsc#1196061, closes #381)\n  A previously released ISO image may need a bit more time to\n  release it's loop device. So we wait a bit and retry.\n- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)\n- Fix handling of ISO media in releaseAll (bsc#1196061)\n- Hint on common ptf resolver conflicts (bsc#1194848)\n- Hint on ptf<>patch resolver conflicts (bsc#1194848)\n\nzypper to 1.14.52:\n\n- info: print the packages upstream URL if available (fixes #426)\n- info: Fix SEGV with not installed PTFs (bsc#1196317)\n- Don't prevent less restrictive umasks (bsc#1195999)\n","id":"SUSE-SU-2022:1130-1","modified":"2022-04-08T07:43:19Z","published":"2022-04-08T07:43:19Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20221130-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184501"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194848"},{"type":"REPORT","url":"https://bugzilla.suse.com/1195999"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196061"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196317"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196368"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196514"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196925"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197134"}],"related":[],"summary":"Security update for libsolv, libzypp, zypper","upstream":[]}