SUSE-SU-2021:2145-1
- Source
- https://www.suse.com/support/update/announcement/2021/suse-su-20212145-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:2145-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2021:2145-1
- Upstream
- Related
- Published
- 2021-06-23T14:51:08Z
- Modified
- 2026-01-30T02:53:23.208682Z
- Summary
- Security update for libsolv
- Details
-
This update for libsolv fixes the following issues:
Security issues fixed:
- CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510)
- CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229)
Other issues fixed:
- backport support for blacklisted packages to support ptf packages and retracted patches
- fix ruleinfo of complex dependencies returning the wrong origin
- fix SOLVERFLAGFOCUS_BEST updateing packages without reason
- fix addcomplexrecommends() selecting conflicted packages in rare cases
- fix potential segfault in resolve_jobrules
- fix solv_zchunk decoding error if large chunks are used
- References
Affected packages
SUSE:Linux Enterprise Server 12 SP2-BCL / libsolv
Package
- Name
- libsolv
- Purl
- pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.6.37-2.27.24.1
SUSE:Linux Enterprise Server 12 SP2-BCL / libzypp
Package
- Name
- libzypp
- Purl
- pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed16.21.4-27.75.1