{"affected":[{"ecosystem_specific":{"binaries":[{"libzypp":"17.25.5-lp152.2.16.1","libzypp-devel":"17.25.5-lp152.2.16.1","libzypp-devel-doc":"17.25.5-lp152.2.16.1","yast2-installation":"4.2.48-lp152.2.12.1","zypper":"1.14.41-lp152.2.12.1","zypper-aptitude":"1.14.41-lp152.2.12.1","zypper-log":"1.14.41-lp152.2.12.1","zypper-needs-restarting":"1.14.41-lp152.2.12.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"libzypp","purl":"pkg:rpm/opensuse/libzypp&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"17.25.5-lp152.2.16.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libzypp":"17.25.5-lp152.2.16.1","libzypp-devel":"17.25.5-lp152.2.16.1","libzypp-devel-doc":"17.25.5-lp152.2.16.1","yast2-installation":"4.2.48-lp152.2.12.1","zypper":"1.14.41-lp152.2.12.1","zypper-aptitude":"1.14.41-lp152.2.12.1","zypper-log":"1.14.41-lp152.2.12.1","zypper-needs-restarting":"1.14.41-lp152.2.12.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"yast2-installation","purl":"pkg:rpm/opensuse/yast2-installation&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.48-lp152.2.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libzypp":"17.25.5-lp152.2.16.1","libzypp-devel":"17.25.5-lp152.2.16.1","libzypp-devel-doc":"17.25.5-lp152.2.16.1","yast2-installation":"4.2.48-lp152.2.12.1","zypper":"1.14.41-lp152.2.12.1","zypper-aptitude":"1.14.41-lp152.2.12.1","zypper-log":"1.14.41-lp152.2.12.1","zypper-needs-restarting":"1.14.41-lp152.2.12.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"zypper","purl":"pkg:rpm/opensuse/zypper&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.14.41-lp152.2.12.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libzypp, zypper fixes the following issues:\n\nUpdate zypper to version 1.14.41\n\nUpdate libzypp to 17.25.4\n\n- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)\n- RepoManager: Force refresh if repo url has changed (bsc#1174016)\n- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)\n- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).\n- RpmDb: If no database exists use the _dbpath configured in rpm.  Still makes sure a compat\n  symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910)\n- Fixed update of gpg keys with elongated expire date (bsc#179222)\n- needreboot: remove udev from the list (bsc#1179083)\n- Fix lsof monitoring (bsc#1179909)\n\nyast-installation was updated to 4.2.48:\n\n- Do not cleanup the libzypp cache when the system has low memory,\n  incomplete cache confuses libzypp later (bsc#1179415)\n\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.","id":"openSUSE-SU-2021:0059-1","modified":"2021-01-14T16:11:48Z","published":"2021-01-14T16:11:48Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FB5G3FIS4OQH3FX723SLMBOC4P37HKHV/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050625"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174016"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177238"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177275"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177427"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177583"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178910"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178966"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179083"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179222"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179415"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179909"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9271"}],"related":["CVE-2017-9271"],"summary":"Security update for libzypp, zypper","upstream":["CVE-2017-9271"]}