OESA-2022-1569

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1569

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2022-1569.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2022-1569

Upstream

CVE-2021-44568

CVE-2021-44569

CVE-2021-44571

CVE-2021-44573

CVE-2021-44574

CVE-2021-44575

CVE-2021-44576

CVE-2021-44577

Published

2022-03-12T11:03:37Z

Modified

2025-08-12T05:10:41.377563Z

Summary

libsolv security update

Details

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks:

Security Fix(es):

Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.(CVE-2021-44568)

A heap overflow vulnerability exisfts in openSUSE libsolv through 13 Dec 2020 in the prefer_suggested function at src/policy.c: line 442.(CVE-2021-44571)

Two heap-overflow vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 bugs in the propagate function at src/solver.c: line 490 and 524.(CVE-2021-44577)

Two heap overflow vulnerabilities exist in oenSUSE libsolv through 13 Dec 2020 in the resolve_installed function at src/solver.c: line 1728 & 1766.(CVE-2021-44573)

A heap-overflow vulnerability exists in openSUSE libsolv through 13 Dec 2020 in the resolve_jobrules function at src/solver.c at line 1599.(CVE-2021-44574)

Two memory vulnerabilities exists in openSUSE libsolv through 13 Dec 2020 in the resolve_weak function at src/solver.c: line 2222 and 2249.(CVE-2021-44576)

A heap-buffer openSUSE libsolv through 13 Dec 2020 exists in the solver_solve function at src/solver.c: line 3445.(CVE-2021-44569)

Two heap-overflow vulnerabilities exists in openSUSE libsolv through 13 Dec 2020 in the makeruledecisions function at src/solver.c: line 147 and 307.(CVE-2021-44575)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / libsolv

Package

Name: libsolv
Purl: pkg:rpm/openEuler/libsolv&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.14-5.oe1

Ecosystem specific

{
    "src": [
        "libsolv-0.7.14-5.oe1.src.rpm"
    ],
    "x86_64": [
        "libsolv-0.7.14-5.oe1.x86_64.rpm",
        "libsolv-debugsource-0.7.14-5.oe1.x86_64.rpm",
        "libsolv-devel-0.7.14-5.oe1.x86_64.rpm",
        "libsolv-debuginfo-0.7.14-5.oe1.x86_64.rpm",
        "perl-solv-0.7.14-5.oe1.x86_64.rpm",
        "ruby-solv-0.7.14-5.oe1.x86_64.rpm",
        "python3-solv-0.7.14-5.oe1.x86_64.rpm"
    ],
    "noarch": [
        "libsolv-help-0.7.14-5.oe1.noarch.rpm"
    ],
    "aarch64": [
        "libsolv-debuginfo-0.7.14-5.oe1.aarch64.rpm",
        "libsolv-0.7.14-5.oe1.aarch64.rpm",
        "libsolv-debugsource-0.7.14-5.oe1.aarch64.rpm",
        "ruby-solv-0.7.14-5.oe1.aarch64.rpm",
        "python3-solv-0.7.14-5.oe1.aarch64.rpm",
        "perl-solv-0.7.14-5.oe1.aarch64.rpm",
        "libsolv-devel-0.7.14-5.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / libsolv

Package

Name: libsolv
Purl: pkg:rpm/openEuler/libsolv&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.14-6.oe1

Ecosystem specific

{
    "src": [
        "libsolv-0.7.14-6.oe1.src.rpm"
    ],
    "x86_64": [
        "libsolv-devel-0.7.14-6.oe1.x86_64.rpm",
        "ruby-solv-0.7.14-6.oe1.x86_64.rpm",
        "libsolv-debuginfo-0.7.14-6.oe1.x86_64.rpm",
        "python3-solv-0.7.14-6.oe1.x86_64.rpm",
        "libsolv-debugsource-0.7.14-6.oe1.x86_64.rpm",
        "libsolv-0.7.14-6.oe1.x86_64.rpm",
        "perl-solv-0.7.14-6.oe1.x86_64.rpm"
    ],
    "noarch": [
        "libsolv-help-0.7.14-6.oe1.noarch.rpm"
    ],
    "aarch64": [
        "ruby-solv-0.7.14-6.oe1.aarch64.rpm",
        "libsolv-debugsource-0.7.14-6.oe1.aarch64.rpm",
        "python3-solv-0.7.14-6.oe1.aarch64.rpm",
        "libsolv-debuginfo-0.7.14-6.oe1.aarch64.rpm",
        "libsolv-0.7.14-6.oe1.aarch64.rpm",
        "libsolv-devel-0.7.14-6.oe1.aarch64.rpm",
        "perl-solv-0.7.14-6.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / libsolv

Package

Name: libsolv
Purl: pkg:rpm/openEuler/libsolv&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.14-6.oe1

Ecosystem specific

{
    "src": [
        "libsolv-0.7.14-6.oe1.src.rpm"
    ],
    "x86_64": [
        "libsolv-debugsource-0.7.14-6.oe1.x86_64.rpm",
        "libsolv-0.7.14-6.oe1.x86_64.rpm",
        "libsolv-devel-0.7.14-6.oe1.x86_64.rpm",
        "perl-solv-0.7.14-6.oe1.x86_64.rpm",
        "libsolv-debuginfo-0.7.14-6.oe1.x86_64.rpm",
        "python3-solv-0.7.14-6.oe1.x86_64.rpm",
        "ruby-solv-0.7.14-6.oe1.x86_64.rpm"
    ],
    "noarch": [
        "libsolv-help-0.7.14-6.oe1.noarch.rpm"
    ],
    "aarch64": [
        "perl-solv-0.7.14-6.oe1.aarch64.rpm",
        "libsolv-debuginfo-0.7.14-6.oe1.aarch64.rpm",
        "ruby-solv-0.7.14-6.oe1.aarch64.rpm",
        "libsolv-debugsource-0.7.14-6.oe1.aarch64.rpm",
        "python3-solv-0.7.14-6.oe1.aarch64.rpm",
        "libsolv-devel-0.7.14-6.oe1.aarch64.rpm",
        "libsolv-0.7.14-6.oe1.aarch64.rpm"
    ]
}