openSUSE-SU-2021:0059-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0059-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/openSUSE-SU-2021:0059-1
- Upstream
- Related
- Published
- 2021-01-14T16:11:48Z
- Modified
- 2025-05-08T17:45:06.552657Z
- Summary
- Security update for libzypp, zypper
- Details
-
This update for libzypp, zypper fixes the following issues:
Update zypper to version 1.14.41
Update libzypp to 17.25.4
- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)
yast-installation was updated to 4.2.48:
- Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FB5G3FIS4OQH3FX723SLMBOC4P37HKHV/
- https://bugzilla.suse.com/1050625
- https://bugzilla.suse.com/1174016
- https://bugzilla.suse.com/1177238
- https://bugzilla.suse.com/1177275
- https://bugzilla.suse.com/1177427
- https://bugzilla.suse.com/1177583
- https://bugzilla.suse.com/1178910
- https://bugzilla.suse.com/1178966
- https://bugzilla.suse.com/1179083
- https://bugzilla.suse.com/1179222
- https://bugzilla.suse.com/1179415
- https://bugzilla.suse.com/1179909
- https://www.suse.com/security/cve/CVE-2017-9271
Affected packages
openSUSE:Leap 15.2 / libzypp
Package
- Name
- libzypp
- Purl
- pkg:rpm/opensuse/libzypp&distro=openSUSE%20Leap%2015.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed17.25.5-lp152.2.16.1
Ecosystem specific
{
"binaries": [
{
"libzypp": "17.25.5-lp152.2.16.1",
"zypper": "1.14.41-lp152.2.12.1",
"zypper-log": "1.14.41-lp152.2.12.1",
"libzypp-devel-doc": "17.25.5-lp152.2.16.1",
"zypper-needs-restarting": "1.14.41-lp152.2.12.1",
"yast2-installation": "4.2.48-lp152.2.12.1",
"libzypp-devel": "17.25.5-lp152.2.16.1",
"zypper-aptitude": "1.14.41-lp152.2.12.1"
}
]
}
openSUSE:Leap 15.2 / yast2-installation
Package
- Name
- yast2-installation
- Purl
- pkg:rpm/opensuse/yast2-installation&distro=openSUSE%20Leap%2015.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.2.48-lp152.2.12.1
Ecosystem specific
{
"binaries": [
{
"libzypp": "17.25.5-lp152.2.16.1",
"zypper": "1.14.41-lp152.2.12.1",
"zypper-log": "1.14.41-lp152.2.12.1",
"libzypp-devel-doc": "17.25.5-lp152.2.16.1",
"zypper-needs-restarting": "1.14.41-lp152.2.12.1",
"yast2-installation": "4.2.48-lp152.2.12.1",
"libzypp-devel": "17.25.5-lp152.2.16.1",
"zypper-aptitude": "1.14.41-lp152.2.12.1"
}
]
}
openSUSE:Leap 15.2 / zypper
Package
- Name
- zypper
- Purl
- pkg:rpm/opensuse/zypper&distro=openSUSE%20Leap%2015.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.14.41-lp152.2.12.1
Ecosystem specific
{
"binaries": [
{
"libzypp": "17.25.5-lp152.2.16.1",
"zypper": "1.14.41-lp152.2.12.1",
"zypper-log": "1.14.41-lp152.2.12.1",
"libzypp-devel-doc": "17.25.5-lp152.2.16.1",
"zypper-needs-restarting": "1.14.41-lp152.2.12.1",
"yast2-installation": "4.2.48-lp152.2.12.1",
"libzypp-devel": "17.25.5-lp152.2.16.1",
"zypper-aptitude": "1.14.41-lp152.2.12.1"
}
]
}