csaf_opensuse - opensuse-su-2020:0255-1

opensuse-su-2020:0255-1

Vulnerability from csaf_opensuse

Published

2020-02-27 13:19

Modified

2020-02-27 13:19

Summary

Security update for libsolv, libzypp, zypper

Notes

Title of the patch

Security update for libsolv, libzypp, zypper

Description of the patch

This update for libsolv, libzypp, zypper fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Bug fixes - Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819). - Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198). - Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678). - Load only target resolvables for zypper rm (bsc#1157377). - Fix broken search by filelist (bsc#1135114). - Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158). - Do not sort out requested locales which are not available (bsc#1155678). - Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). - XML add patch issue-date and issue-list (bsc#1154805). - Fix zypper lp --cve/bugzilla/issue options (bsc#1155298). - Always execute commit when adding/removing locales (fixes bsc#1155205). - Fix description of --table-style,-s in man page (bsc#1154804). This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patchnames

openSUSE-2020-255

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for libsolv, libzypp, zypper",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for libsolv, libzypp, zypper fixes the following issues:\n\n\nSecurity issue fixed:\n\n- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).\n\nBug fixes\n\n- Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819).\n- Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198).\n- Do not enforce \u0027en\u0027 being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678).                                            \n- Load only target resolvables for zypper rm (bsc#1157377).\n- Fix broken search by filelist (bsc#1135114).\n- Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158).\n- Do not sort out requested locales which are not available (bsc#1155678).\n- Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805).                                                              \n- XML add patch issue-date and issue-list (bsc#1154805).\n- Fix zypper lp --cve/bugzilla/issue options (bsc#1155298).\n- Always execute commit when adding/removing locales (fixes bsc#1155205).\n- Fix description of --table-style,-s in man page (bsc#1154804).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-255",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0255-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:0255-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DEU3QUUM7SDENWAOTTIKYJWY3DTE244N/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:0255-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DEU3QUUM7SDENWAOTTIKYJWY3DTE244N/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1135114",
        "url": "https://bugzilla.suse.com/1135114"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1154804",
        "url": "https://bugzilla.suse.com/1154804"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1154805",
        "url": "https://bugzilla.suse.com/1154805"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1155198",
        "url": "https://bugzilla.suse.com/1155198"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1155205",
        "url": "https://bugzilla.suse.com/1155205"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1155298",
        "url": "https://bugzilla.suse.com/1155298"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1155678",
        "url": "https://bugzilla.suse.com/1155678"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1155819",
        "url": "https://bugzilla.suse.com/1155819"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1156158",
        "url": "https://bugzilla.suse.com/1156158"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1157377",
        "url": "https://bugzilla.suse.com/1157377"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1158763",
        "url": "https://bugzilla.suse.com/1158763"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-18900 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-18900/"
      }
    ],
    "title": "Security update for libsolv, libzypp, zypper",
    "tracking": {
      "current_release_date": "2020-02-27T13:19:04Z",
      "generator": {
        "date": "2020-02-27T13:19:04Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:0255-1",
      "initial_release_date": "2020-02-27T13:19:04Z",
      "revision_history": [
        {
          "date": "2020-02-27T13:19:04Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsolv-demo-0.7.10-lp151.2.10.1.i586",
                "product": {
                  "name": "libsolv-demo-0.7.10-lp151.2.10.1.i586",
                  "product_id": "libsolv-demo-0.7.10-lp151.2.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libsolv-devel-0.7.10-lp151.2.10.1.i586",
                "product": {
                  "name": "libsolv-devel-0.7.10-lp151.2.10.1.i586",
                  "product_id": "libsolv-devel-0.7.10-lp151.2.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libsolv-tools-0.7.10-lp151.2.10.1.i586",
                "product": {
                  "name": "libsolv-tools-0.7.10-lp151.2.10.1.i586",
                  "product_id": "libsolv-tools-0.7.10-lp151.2.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libzypp-17.19.0-lp151.2.10.1.i586",
                "product": {
                  "name": "libzypp-17.19.0-lp151.2.10.1.i586",
                  "product_id": "libzypp-17.19.0-lp151.2.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libzypp-devel-17.19.0-lp151.2.10.1.i586",
                "product": {
                  "name": "libzypp-devel-17.19.0-lp151.2.10.1.i586",
                  "product_id": "libzypp-devel-17.19.0-lp151.2.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libzypp-devel-doc-17.19.0-lp151.2.10.1.i586",
                "product": {
                  "name": "libzypp-devel-doc-17.19.0-lp151.2.10.1.i586",
                  "product_id": "libzypp-devel-doc-17.19.0-lp151.2.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "perl-solv-0.7.10-lp151.2.10.1.i586",
                "product": {
                  "name": "perl-solv-0.7.10-lp151.2.10.1.i586",
                  "product_id": "perl-solv-0.7.10-lp151.2.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python-solv-0.7.10-lp151.2.10.1.i586",
                "product": {
                  "name": "python-solv-0.7.10-lp151.2.10.1.i586",
                  "product_id": "python-solv-0.7.10-lp151.2.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python3-solv-0.7.10-lp151.2.10.1.i586",
                "product": {
                  "name": "python3-solv-0.7.10-lp151.2.10.1.i586",
                  "product_id": "python3-solv-0.7.10-lp151.2.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "ruby-solv-0.7.10-lp151.2.10.1.i586",
                "product": {
                  "name": "ruby-solv-0.7.10-lp151.2.10.1.i586",
                  "product_id": "ruby-solv-0.7.10-lp151.2.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "zypper-1.14.33-lp151.2.10.1.i586",
                "product": {
                  "name": "zypper-1.14.33-lp151.2.10.1.i586",
                  "product_id": "zypper-1.14.33-lp151.2.10.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "zypper-aptitude-1.14.33-lp151.2.10.1.noarch",
                "product": {
                  "name": "zypper-aptitude-1.14.33-lp151.2.10.1.noarch",
                  "product_id": "zypper-aptitude-1.14.33-lp151.2.10.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "zypper-log-1.14.33-lp151.2.10.1.noarch",
                "product": {
                  "name": "zypper-log-1.14.33-lp151.2.10.1.noarch",
                  "product_id": "zypper-log-1.14.33-lp151.2.10.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "zypper-needs-restarting-1.14.33-lp151.2.10.1.noarch",
                "product": {
                  "name": "zypper-needs-restarting-1.14.33-lp151.2.10.1.noarch",
                  "product_id": "zypper-needs-restarting-1.14.33-lp151.2.10.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsolv-demo-0.7.10-lp151.2.10.1.x86_64",
                "product": {
                  "name": "libsolv-demo-0.7.10-lp151.2.10.1.x86_64",
                  "product_id": "libsolv-demo-0.7.10-lp151.2.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libsolv-devel-0.7.10-lp151.2.10.1.x86_64",
                "product": {
                  "name": "libsolv-devel-0.7.10-lp151.2.10.1.x86_64",
                  "product_id": "libsolv-devel-0.7.10-lp151.2.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libsolv-tools-0.7.10-lp151.2.10.1.x86_64",
                "product": {
                  "name": "libsolv-tools-0.7.10-lp151.2.10.1.x86_64",
                  "product_id": "libsolv-tools-0.7.10-lp151.2.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libzypp-17.19.0-lp151.2.10.1.x86_64",
                "product": {
                  "name": "libzypp-17.19.0-lp151.2.10.1.x86_64",
                  "product_id": "libzypp-17.19.0-lp151.2.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libzypp-devel-17.19.0-lp151.2.10.1.x86_64",
                "product": {
                  "name": "libzypp-devel-17.19.0-lp151.2.10.1.x86_64",
                  "product_id": "libzypp-devel-17.19.0-lp151.2.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libzypp-devel-doc-17.19.0-lp151.2.10.1.x86_64",
                "product": {
                  "name": "libzypp-devel-doc-17.19.0-lp151.2.10.1.x86_64",
                  "product_id": "libzypp-devel-doc-17.19.0-lp151.2.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-solv-0.7.10-lp151.2.10.1.x86_64",
                "product": {
                  "name": "perl-solv-0.7.10-lp151.2.10.1.x86_64",
                  "product_id": "perl-solv-0.7.10-lp151.2.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-solv-0.7.10-lp151.2.10.1.x86_64",
                "product": {
                  "name": "python-solv-0.7.10-lp151.2.10.1.x86_64",
                  "product_id": "python-solv-0.7.10-lp151.2.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-solv-0.7.10-lp151.2.10.1.x86_64",
                "product": {
                  "name": "python3-solv-0.7.10-lp151.2.10.1.x86_64",
                  "product_id": "python3-solv-0.7.10-lp151.2.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ruby-solv-0.7.10-lp151.2.10.1.x86_64",
                "product": {
                  "name": "ruby-solv-0.7.10-lp151.2.10.1.x86_64",
                  "product_id": "ruby-solv-0.7.10-lp151.2.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "zypper-1.14.33-lp151.2.10.1.x86_64",
                "product": {
                  "name": "zypper-1.14.33-lp151.2.10.1.x86_64",
                  "product_id": "zypper-1.14.33-lp151.2.10.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsolv-demo-0.7.10-lp151.2.10.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libsolv-demo-0.7.10-lp151.2.10.1.i586"
        },
        "product_reference": "libsolv-demo-0.7.10-lp151.2.10.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsolv-demo-0.7.10-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libsolv-demo-0.7.10-lp151.2.10.1.x86_64"
        },
        "product_reference": "libsolv-demo-0.7.10-lp151.2.10.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsolv-devel-0.7.10-lp151.2.10.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libsolv-devel-0.7.10-lp151.2.10.1.i586"
        },
        "product_reference": "libsolv-devel-0.7.10-lp151.2.10.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsolv-devel-0.7.10-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libsolv-devel-0.7.10-lp151.2.10.1.x86_64"
        },
        "product_reference": "libsolv-devel-0.7.10-lp151.2.10.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsolv-tools-0.7.10-lp151.2.10.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libsolv-tools-0.7.10-lp151.2.10.1.i586"
        },
        "product_reference": "libsolv-tools-0.7.10-lp151.2.10.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsolv-tools-0.7.10-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libsolv-tools-0.7.10-lp151.2.10.1.x86_64"
        },
        "product_reference": "libsolv-tools-0.7.10-lp151.2.10.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libzypp-17.19.0-lp151.2.10.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libzypp-17.19.0-lp151.2.10.1.i586"
        },
        "product_reference": "libzypp-17.19.0-lp151.2.10.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libzypp-17.19.0-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libzypp-17.19.0-lp151.2.10.1.x86_64"
        },
        "product_reference": "libzypp-17.19.0-lp151.2.10.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libzypp-devel-17.19.0-lp151.2.10.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libzypp-devel-17.19.0-lp151.2.10.1.i586"
        },
        "product_reference": "libzypp-devel-17.19.0-lp151.2.10.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libzypp-devel-17.19.0-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libzypp-devel-17.19.0-lp151.2.10.1.x86_64"
        },
        "product_reference": "libzypp-devel-17.19.0-lp151.2.10.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libzypp-devel-doc-17.19.0-lp151.2.10.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libzypp-devel-doc-17.19.0-lp151.2.10.1.i586"
        },
        "product_reference": "libzypp-devel-doc-17.19.0-lp151.2.10.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libzypp-devel-doc-17.19.0-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libzypp-devel-doc-17.19.0-lp151.2.10.1.x86_64"
        },
        "product_reference": "libzypp-devel-doc-17.19.0-lp151.2.10.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-solv-0.7.10-lp151.2.10.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:perl-solv-0.7.10-lp151.2.10.1.i586"
        },
        "product_reference": "perl-solv-0.7.10-lp151.2.10.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-solv-0.7.10-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:perl-solv-0.7.10-lp151.2.10.1.x86_64"
        },
        "product_reference": "perl-solv-0.7.10-lp151.2.10.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-solv-0.7.10-lp151.2.10.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:python-solv-0.7.10-lp151.2.10.1.i586"
        },
        "product_reference": "python-solv-0.7.10-lp151.2.10.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-solv-0.7.10-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:python-solv-0.7.10-lp151.2.10.1.x86_64"
        },
        "product_reference": "python-solv-0.7.10-lp151.2.10.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-solv-0.7.10-lp151.2.10.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:python3-solv-0.7.10-lp151.2.10.1.i586"
        },
        "product_reference": "python3-solv-0.7.10-lp151.2.10.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-solv-0.7.10-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:python3-solv-0.7.10-lp151.2.10.1.x86_64"
        },
        "product_reference": "python3-solv-0.7.10-lp151.2.10.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby-solv-0.7.10-lp151.2.10.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:ruby-solv-0.7.10-lp151.2.10.1.i586"
        },
        "product_reference": "ruby-solv-0.7.10-lp151.2.10.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby-solv-0.7.10-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:ruby-solv-0.7.10-lp151.2.10.1.x86_64"
        },
        "product_reference": "ruby-solv-0.7.10-lp151.2.10.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zypper-1.14.33-lp151.2.10.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:zypper-1.14.33-lp151.2.10.1.i586"
        },
        "product_reference": "zypper-1.14.33-lp151.2.10.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zypper-1.14.33-lp151.2.10.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:zypper-1.14.33-lp151.2.10.1.x86_64"
        },
        "product_reference": "zypper-1.14.33-lp151.2.10.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zypper-aptitude-1.14.33-lp151.2.10.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:zypper-aptitude-1.14.33-lp151.2.10.1.noarch"
        },
        "product_reference": "zypper-aptitude-1.14.33-lp151.2.10.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zypper-log-1.14.33-lp151.2.10.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:zypper-log-1.14.33-lp151.2.10.1.noarch"
        },
        "product_reference": "zypper-log-1.14.33-lp151.2.10.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zypper-needs-restarting-1.14.33-lp151.2.10.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:zypper-needs-restarting-1.14.33-lp151.2.10.1.noarch"
        },
        "product_reference": "zypper-needs-restarting-1.14.33-lp151.2.10.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-18900",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-18900"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": ": Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libsolv-demo-0.7.10-lp151.2.10.1.i586",
          "openSUSE Leap 15.1:libsolv-demo-0.7.10-lp151.2.10.1.x86_64",
          "openSUSE Leap 15.1:libsolv-devel-0.7.10-lp151.2.10.1.i586",
          "openSUSE Leap 15.1:libsolv-devel-0.7.10-lp151.2.10.1.x86_64",
          "openSUSE Leap 15.1:libsolv-tools-0.7.10-lp151.2.10.1.i586",
          "openSUSE Leap 15.1:libsolv-tools-0.7.10-lp151.2.10.1.x86_64",
          "openSUSE Leap 15.1:libzypp-17.19.0-lp151.2.10.1.i586",
          "openSUSE Leap 15.1:libzypp-17.19.0-lp151.2.10.1.x86_64",
          "openSUSE Leap 15.1:libzypp-devel-17.19.0-lp151.2.10.1.i586",
          "openSUSE Leap 15.1:libzypp-devel-17.19.0-lp151.2.10.1.x86_64",
          "openSUSE Leap 15.1:libzypp-devel-doc-17.19.0-lp151.2.10.1.i586",
          "openSUSE Leap 15.1:libzypp-devel-doc-17.19.0-lp151.2.10.1.x86_64",
          "openSUSE Leap 15.1:perl-solv-0.7.10-lp151.2.10.1.i586",
          "openSUSE Leap 15.1:perl-solv-0.7.10-lp151.2.10.1.x86_64",
          "openSUSE Leap 15.1:python-solv-0.7.10-lp151.2.10.1.i586",
          "openSUSE Leap 15.1:python-solv-0.7.10-lp151.2.10.1.x86_64",
          "openSUSE Leap 15.1:python3-solv-0.7.10-lp151.2.10.1.i586",
          "openSUSE Leap 15.1:python3-solv-0.7.10-lp151.2.10.1.x86_64",
          "openSUSE Leap 15.1:ruby-solv-0.7.10-lp151.2.10.1.i586",
          "openSUSE Leap 15.1:ruby-solv-0.7.10-lp151.2.10.1.x86_64",
          "openSUSE Leap 15.1:zypper-1.14.33-lp151.2.10.1.i586",
          "openSUSE Leap 15.1:zypper-1.14.33-lp151.2.10.1.x86_64",
          "openSUSE Leap 15.1:zypper-aptitude-1.14.33-lp151.2.10.1.noarch",
          "openSUSE Leap 15.1:zypper-log-1.14.33-lp151.2.10.1.noarch",
          "openSUSE Leap 15.1:zypper-needs-restarting-1.14.33-lp151.2.10.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-18900",
          "url": "https://www.suse.com/security/cve/CVE-2019-18900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158763 for CVE-2019-18900",
          "url": "https://bugzilla.suse.com/1158763"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libsolv-demo-0.7.10-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:libsolv-demo-0.7.10-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:libsolv-devel-0.7.10-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:libsolv-devel-0.7.10-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:libsolv-tools-0.7.10-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:libsolv-tools-0.7.10-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:libzypp-17.19.0-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:libzypp-17.19.0-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:libzypp-devel-17.19.0-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:libzypp-devel-17.19.0-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:libzypp-devel-doc-17.19.0-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:libzypp-devel-doc-17.19.0-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:perl-solv-0.7.10-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:perl-solv-0.7.10-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:python-solv-0.7.10-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:python-solv-0.7.10-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:python3-solv-0.7.10-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:python3-solv-0.7.10-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:ruby-solv-0.7.10-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:ruby-solv-0.7.10-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:zypper-1.14.33-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:zypper-1.14.33-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:zypper-aptitude-1.14.33-lp151.2.10.1.noarch",
            "openSUSE Leap 15.1:zypper-log-1.14.33-lp151.2.10.1.noarch",
            "openSUSE Leap 15.1:zypper-needs-restarting-1.14.33-lp151.2.10.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libsolv-demo-0.7.10-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:libsolv-demo-0.7.10-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:libsolv-devel-0.7.10-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:libsolv-devel-0.7.10-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:libsolv-tools-0.7.10-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:libsolv-tools-0.7.10-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:libzypp-17.19.0-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:libzypp-17.19.0-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:libzypp-devel-17.19.0-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:libzypp-devel-17.19.0-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:libzypp-devel-doc-17.19.0-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:libzypp-devel-doc-17.19.0-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:perl-solv-0.7.10-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:perl-solv-0.7.10-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:python-solv-0.7.10-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:python-solv-0.7.10-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:python3-solv-0.7.10-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:python3-solv-0.7.10-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:ruby-solv-0.7.10-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:ruby-solv-0.7.10-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:zypper-1.14.33-lp151.2.10.1.i586",
            "openSUSE Leap 15.1:zypper-1.14.33-lp151.2.10.1.x86_64",
            "openSUSE Leap 15.1:zypper-aptitude-1.14.33-lp151.2.10.1.noarch",
            "openSUSE Leap 15.1:zypper-log-1.14.33-lp151.2.10.1.noarch",
            "openSUSE Leap 15.1:zypper-needs-restarting-1.14.33-lp151.2.10.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-02-27T13:19:04Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-18900"
    }
  ]
}

CVE-2019-18900 (GCVE-0-2019-18900)

Vulnerability from cvelistv5

Published

2020-01-24 15:15

Modified

2024-09-16 20:52

Severity ?

4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-276 - Incorrect Default Permissions

Summary

: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1.

References

►

URL

Tags

	https://bugzilla.suse.com/show_bug.cgi?id=1158763	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html	vendor-advisory, x_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2020/03/msg00005.html	mailing-list, x_refsource_MLIST

Impacted products

Vendor

Product

Version

►

SUSE

CaaS Platform 3.0

Version: libzypp < 16.21.2-27.68.1

	SUSE	SUSE Linux Enterprise Server 12	Version: libzypp < 16.21.2-2.45.1
	SUSE	SUSE Linux Enterprise Server 15	Version: libzypp 17.19.0-3.34.1

Show details on NVD website