suse-su-2018:2690-1
Vulnerability from csaf_suse
Published
2018-09-11 13:50
Modified
2018-09-11 13:50
Summary
Security update for libzypp, zypper
Notes
Title of the patch
Security update for libzypp, zypper
Description of the patch
This update for libzypp, zypper, libsolv provides the following fixes:
Security fixes in libzypp:
- CVE-2018-7685: PackageProvider: Validate RPMs before caching (bsc#1091624, bsc#1088705)
- CVE-2017-9269: Be sure bad packages do not stay in the cache (bsc#1045735)
Changes in libzypp:
- Update to version 17.6.4
- Automatically fetch repository signing key from gpgkey url (bsc#1088037)
- lsof: use '-K i' if lsof supports it (bsc#1099847,bsc#1036304)
- Check for not imported keys after multi key import from rpmdb (bsc#1096217)
- Flags: make it std=c++14 ready
- Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617)
- Show GPGME version in log
- Adapt to changes in libgpgme11-11.1.0 breaking the signature verification (bsc#1100427)
- RepoInfo::provideKey: add report telling where we look for missing keys.
- Support listing gpgkey URLs in repo files (bsc#1088037)
- Add new report to request user approval for importing a package key
- Handle http error 502 Bad Gateway in curl backend (bsc#1070851)
- Add filesize check for downloads with known size (bsc#408814)
- Removed superfluous space in translation (bsc#1102019)
- Prevent the system from sleeping during a commit
- RepoManager: Explicitly request repo2solv to generate application pseudo packages.
- libzypp-devel should not require cmake (bsc#1101349)
- Avoid zombies from ExternalProgram
- Update ApiConfig
- HardLocksFile: Prevent against empty commit without Target having
been been loaded (bsc#1096803)
- lsof: use '-K i' if lsof supports it (bsc#1099847)
- Add filesize check for downloads with known size (bsc#408814)
- Fix detection of metalink downloads and prevent aborting if a metalink file
is larger than the expected data file.
- Require libsolv-devel >= 0.6.35 during build (fixing bsc#1100095)
- Make use of %license macro (bsc#1082318)
Security fix in zypper:
- CVE-2017-9269: Improve signature check callback messages (bsc#1045735)
Changes in zypper:
- Always set error status if any nr of unknown repositories are passed to lr and ref (bsc#1093103)
- Notify user about unsupported rpm V3 keys in an old rpm database (bsc#1096217)
- Detect read only filesystem on system modifying operations (fixes #199)
- Use %license (bsc#1082318)
- Handle repo aliases containing multiple ':' in the PackageArgs parser (bsc #1041178)
- Fix broken display of detailed query results.
- Fix broken search for items with a dash. (bsc#907538, bsc#1043166, bsc#1070770)
- Disable repository operations when searching installed packages. (bsc#1084525)
- Prevent nested calls to exit() if aborted by a signal. (bsc#1092413)
- ansi.h: Prevent ESC sequence strings from going out of scope. (bsc#1092413)
- Fix some translation errors.
- Support listing gpgkey URLs in repo files (bsc#1088037)
- Check for root privileges in zypper verify and si (bsc#1058515)
- XML <install-summary> attribute `packages-to-change` added (bsc#1102429)
- Add expert (allow-*) options to all installer commands (bsc#428822)
- Sort search results by multiple columns (bsc#1066215)
- man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028)
- Set error status if repositories passed to lr and ref are not known (bsc#1093103)
- Do not override table style in search
- Fix out of bound read in MbsIterator
- Add --supplements switch to search and info
- Add setter functions for zypp cache related config values to ZConfig
Changes in libsolv:
- convert repo2solv.sh script into a binary tool
- Make use of %license macro (bsc#1082318)
Patchnames
SUSE-SLE-Module-Basesystem-15-2018-1883,SUSE-SLE-Module-Development-Tools-15-2018-1883
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libzypp, zypper",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libzypp, zypper, libsolv provides the following fixes:\n\nSecurity fixes in libzypp:\n\n- CVE-2018-7685: PackageProvider: Validate RPMs before caching (bsc#1091624, bsc#1088705)\n- CVE-2017-9269: Be sure bad packages do not stay in the cache (bsc#1045735)\n\nChanges in libzypp:\n\n- Update to version 17.6.4\n- Automatically fetch repository signing key from gpgkey url (bsc#1088037)\n- lsof: use \u0027-K i\u0027 if lsof supports it (bsc#1099847,bsc#1036304)\n- Check for not imported keys after multi key import from rpmdb (bsc#1096217)\n- Flags: make it std=c++14 ready\n- Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617)\n- Show GPGME version in log\n- Adapt to changes in libgpgme11-11.1.0 breaking the signature verification (bsc#1100427)\n- RepoInfo::provideKey: add report telling where we look for missing keys.\n- Support listing gpgkey URLs in repo files (bsc#1088037)\n- Add new report to request user approval for importing a package key\n- Handle http error 502 Bad Gateway in curl backend (bsc#1070851)\n- Add filesize check for downloads with known size (bsc#408814)\n- Removed superfluous space in translation (bsc#1102019)\n- Prevent the system from sleeping during a commit\n- RepoManager: Explicitly request repo2solv to generate application pseudo packages.\n- libzypp-devel should not require cmake (bsc#1101349)\n- Avoid zombies from ExternalProgram\n- Update ApiConfig\n- HardLocksFile: Prevent against empty commit without Target having\n been been loaded (bsc#1096803)\n- lsof: use \u0027-K i\u0027 if lsof supports it (bsc#1099847)\n- Add filesize check for downloads with known size (bsc#408814)\n- Fix detection of metalink downloads and prevent aborting if a metalink file\n is larger than the expected data file.\n- Require libsolv-devel \u003e= 0.6.35 during build (fixing bsc#1100095)\n- Make use of %license macro (bsc#1082318)\n\nSecurity fix in zypper:\n\n- CVE-2017-9269: Improve signature check callback messages (bsc#1045735)\n\nChanges in zypper:\n\n- Always set error status if any nr of unknown repositories are passed to lr and ref (bsc#1093103)\n- Notify user about unsupported rpm V3 keys in an old rpm database (bsc#1096217)\n- Detect read only filesystem on system modifying operations (fixes #199)\n- Use %license (bsc#1082318)\n- Handle repo aliases containing multiple \u0027:\u0027 in the PackageArgs parser (bsc #1041178)\n- Fix broken display of detailed query results.\n- Fix broken search for items with a dash. (bsc#907538, bsc#1043166, bsc#1070770)\n- Disable repository operations when searching installed packages. (bsc#1084525)\n- Prevent nested calls to exit() if aborted by a signal. (bsc#1092413)\n- ansi.h: Prevent ESC sequence strings from going out of scope. (bsc#1092413)\n- Fix some translation errors.\n- Support listing gpgkey URLs in repo files (bsc#1088037)\n- Check for root privileges in zypper verify and si (bsc#1058515)\n- XML \u003cinstall-summary\u003e attribute `packages-to-change` added (bsc#1102429)\n- Add expert (allow-*) options to all installer commands (bsc#428822)\n- Sort search results by multiple columns (bsc#1066215)\n- man: Strengthen that `--config FILE\u0027 affects zypper.conf, not zypp.conf (bsc#1100028)\n- Set error status if repositories passed to lr and ref are not known (bsc#1093103)\n- Do not override table style in search\n- Fix out of bound read in MbsIterator\n- Add --supplements switch to search and info\n- Add setter functions for zypp cache related config values to ZConfig\n\nChanges in libsolv:\n\n- convert repo2solv.sh script into a binary tool\n- Make use of %license macro (bsc#1082318)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Basesystem-15-2018-1883,SUSE-SLE-Module-Development-Tools-15-2018-1883",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2690-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2690-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182690-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2690-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-September/004555.html"
},
{
"category": "self",
"summary": "SUSE Bug 1036304",
"url": "https://bugzilla.suse.com/1036304"
},
{
"category": "self",
"summary": "SUSE Bug 1041178",
"url": "https://bugzilla.suse.com/1041178"
},
{
"category": "self",
"summary": "SUSE Bug 1043166",
"url": "https://bugzilla.suse.com/1043166"
},
{
"category": "self",
"summary": "SUSE Bug 1045735",
"url": "https://bugzilla.suse.com/1045735"
},
{
"category": "self",
"summary": "SUSE Bug 1058515",
"url": "https://bugzilla.suse.com/1058515"
},
{
"category": "self",
"summary": "SUSE Bug 1066215",
"url": "https://bugzilla.suse.com/1066215"
},
{
"category": "self",
"summary": "SUSE Bug 1070770",
"url": "https://bugzilla.suse.com/1070770"
},
{
"category": "self",
"summary": "SUSE Bug 1070851",
"url": "https://bugzilla.suse.com/1070851"
},
{
"category": "self",
"summary": "SUSE Bug 1082318",
"url": "https://bugzilla.suse.com/1082318"
},
{
"category": "self",
"summary": "SUSE Bug 1084525",
"url": "https://bugzilla.suse.com/1084525"
},
{
"category": "self",
"summary": "SUSE Bug 1088037",
"url": "https://bugzilla.suse.com/1088037"
},
{
"category": "self",
"summary": "SUSE Bug 1088705",
"url": "https://bugzilla.suse.com/1088705"
},
{
"category": "self",
"summary": "SUSE Bug 1091624",
"url": "https://bugzilla.suse.com/1091624"
},
{
"category": "self",
"summary": "SUSE Bug 1092413",
"url": "https://bugzilla.suse.com/1092413"
},
{
"category": "self",
"summary": "SUSE Bug 1093103",
"url": "https://bugzilla.suse.com/1093103"
},
{
"category": "self",
"summary": "SUSE Bug 1096217",
"url": "https://bugzilla.suse.com/1096217"
},
{
"category": "self",
"summary": "SUSE Bug 1096617",
"url": "https://bugzilla.suse.com/1096617"
},
{
"category": "self",
"summary": "SUSE Bug 1096803",
"url": "https://bugzilla.suse.com/1096803"
},
{
"category": "self",
"summary": "SUSE Bug 1099847",
"url": "https://bugzilla.suse.com/1099847"
},
{
"category": "self",
"summary": "SUSE Bug 1100028",
"url": "https://bugzilla.suse.com/1100028"
},
{
"category": "self",
"summary": "SUSE Bug 1100095",
"url": "https://bugzilla.suse.com/1100095"
},
{
"category": "self",
"summary": "SUSE Bug 1100427",
"url": "https://bugzilla.suse.com/1100427"
},
{
"category": "self",
"summary": "SUSE Bug 1101349",
"url": "https://bugzilla.suse.com/1101349"
},
{
"category": "self",
"summary": "SUSE Bug 1102019",
"url": "https://bugzilla.suse.com/1102019"
},
{
"category": "self",
"summary": "SUSE Bug 1102429",
"url": "https://bugzilla.suse.com/1102429"
},
{
"category": "self",
"summary": "SUSE Bug 408814",
"url": "https://bugzilla.suse.com/408814"
},
{
"category": "self",
"summary": "SUSE Bug 428822",
"url": "https://bugzilla.suse.com/428822"
},
{
"category": "self",
"summary": "SUSE Bug 907538",
"url": "https://bugzilla.suse.com/907538"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9269 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7685 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7685/"
}
],
"title": "Security update for libzypp, zypper",
"tracking": {
"current_release_date": "2018-09-11T13:50:37Z",
"generator": {
"date": "2018-09-11T13:50:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2690-1",
"initial_release_date": "2018-09-11T13:50:37Z",
"revision_history": [
{
"date": "2018-09-11T13:50:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsolv-devel-0.6.35-3.5.2.aarch64",
"product": {
"name": "libsolv-devel-0.6.35-3.5.2.aarch64",
"product_id": "libsolv-devel-0.6.35-3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "libsolv-tools-0.6.35-3.5.2.aarch64",
"product": {
"name": "libsolv-tools-0.6.35-3.5.2.aarch64",
"product_id": "libsolv-tools-0.6.35-3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "libzypp-17.6.4-3.10.1.aarch64",
"product": {
"name": "libzypp-17.6.4-3.10.1.aarch64",
"product_id": "libzypp-17.6.4-3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "libzypp-devel-17.6.4-3.10.1.aarch64",
"product": {
"name": "libzypp-devel-17.6.4-3.10.1.aarch64",
"product_id": "libzypp-devel-17.6.4-3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-solv-0.6.35-3.5.2.aarch64",
"product": {
"name": "python-solv-0.6.35-3.5.2.aarch64",
"product_id": "python-solv-0.6.35-3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "zypper-1.14.10-3.7.1.aarch64",
"product": {
"name": "zypper-1.14.10-3.7.1.aarch64",
"product_id": "zypper-1.14.10-3.7.1.aarch64"
}
},
{
"category": "product_version",
"name": "perl-solv-0.6.35-3.5.2.aarch64",
"product": {
"name": "perl-solv-0.6.35-3.5.2.aarch64",
"product_id": "perl-solv-0.6.35-3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "python3-solv-0.6.35-3.5.2.aarch64",
"product": {
"name": "python3-solv-0.6.35-3.5.2.aarch64",
"product_id": "python3-solv-0.6.35-3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "ruby-solv-0.6.35-3.5.2.aarch64",
"product": {
"name": "ruby-solv-0.6.35-3.5.2.aarch64",
"product_id": "ruby-solv-0.6.35-3.5.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "zypper-log-1.14.10-3.7.1.noarch",
"product": {
"name": "zypper-log-1.14.10-3.7.1.noarch",
"product_id": "zypper-log-1.14.10-3.7.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libsolv-devel-0.6.35-3.5.2.ppc64le",
"product": {
"name": "libsolv-devel-0.6.35-3.5.2.ppc64le",
"product_id": "libsolv-devel-0.6.35-3.5.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libsolv-tools-0.6.35-3.5.2.ppc64le",
"product": {
"name": "libsolv-tools-0.6.35-3.5.2.ppc64le",
"product_id": "libsolv-tools-0.6.35-3.5.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libzypp-17.6.4-3.10.1.ppc64le",
"product": {
"name": "libzypp-17.6.4-3.10.1.ppc64le",
"product_id": "libzypp-17.6.4-3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libzypp-devel-17.6.4-3.10.1.ppc64le",
"product": {
"name": "libzypp-devel-17.6.4-3.10.1.ppc64le",
"product_id": "libzypp-devel-17.6.4-3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-solv-0.6.35-3.5.2.ppc64le",
"product": {
"name": "python-solv-0.6.35-3.5.2.ppc64le",
"product_id": "python-solv-0.6.35-3.5.2.ppc64le"
}
},
{
"category": "product_version",
"name": "zypper-1.14.10-3.7.1.ppc64le",
"product": {
"name": "zypper-1.14.10-3.7.1.ppc64le",
"product_id": "zypper-1.14.10-3.7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "perl-solv-0.6.35-3.5.2.ppc64le",
"product": {
"name": "perl-solv-0.6.35-3.5.2.ppc64le",
"product_id": "perl-solv-0.6.35-3.5.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-solv-0.6.35-3.5.2.ppc64le",
"product": {
"name": "python3-solv-0.6.35-3.5.2.ppc64le",
"product_id": "python3-solv-0.6.35-3.5.2.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby-solv-0.6.35-3.5.2.ppc64le",
"product": {
"name": "ruby-solv-0.6.35-3.5.2.ppc64le",
"product_id": "ruby-solv-0.6.35-3.5.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsolv-devel-0.6.35-3.5.2.s390x",
"product": {
"name": "libsolv-devel-0.6.35-3.5.2.s390x",
"product_id": "libsolv-devel-0.6.35-3.5.2.s390x"
}
},
{
"category": "product_version",
"name": "libsolv-tools-0.6.35-3.5.2.s390x",
"product": {
"name": "libsolv-tools-0.6.35-3.5.2.s390x",
"product_id": "libsolv-tools-0.6.35-3.5.2.s390x"
}
},
{
"category": "product_version",
"name": "libzypp-17.6.4-3.10.1.s390x",
"product": {
"name": "libzypp-17.6.4-3.10.1.s390x",
"product_id": "libzypp-17.6.4-3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "libzypp-devel-17.6.4-3.10.1.s390x",
"product": {
"name": "libzypp-devel-17.6.4-3.10.1.s390x",
"product_id": "libzypp-devel-17.6.4-3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "python-solv-0.6.35-3.5.2.s390x",
"product": {
"name": "python-solv-0.6.35-3.5.2.s390x",
"product_id": "python-solv-0.6.35-3.5.2.s390x"
}
},
{
"category": "product_version",
"name": "zypper-1.14.10-3.7.1.s390x",
"product": {
"name": "zypper-1.14.10-3.7.1.s390x",
"product_id": "zypper-1.14.10-3.7.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-solv-0.6.35-3.5.2.s390x",
"product": {
"name": "perl-solv-0.6.35-3.5.2.s390x",
"product_id": "perl-solv-0.6.35-3.5.2.s390x"
}
},
{
"category": "product_version",
"name": "python3-solv-0.6.35-3.5.2.s390x",
"product": {
"name": "python3-solv-0.6.35-3.5.2.s390x",
"product_id": "python3-solv-0.6.35-3.5.2.s390x"
}
},
{
"category": "product_version",
"name": "ruby-solv-0.6.35-3.5.2.s390x",
"product": {
"name": "ruby-solv-0.6.35-3.5.2.s390x",
"product_id": "ruby-solv-0.6.35-3.5.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsolv-devel-0.6.35-3.5.2.x86_64",
"product": {
"name": "libsolv-devel-0.6.35-3.5.2.x86_64",
"product_id": "libsolv-devel-0.6.35-3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "libsolv-tools-0.6.35-3.5.2.x86_64",
"product": {
"name": "libsolv-tools-0.6.35-3.5.2.x86_64",
"product_id": "libsolv-tools-0.6.35-3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "libzypp-17.6.4-3.10.1.x86_64",
"product": {
"name": "libzypp-17.6.4-3.10.1.x86_64",
"product_id": "libzypp-17.6.4-3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "libzypp-devel-17.6.4-3.10.1.x86_64",
"product": {
"name": "libzypp-devel-17.6.4-3.10.1.x86_64",
"product_id": "libzypp-devel-17.6.4-3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-solv-0.6.35-3.5.2.x86_64",
"product": {
"name": "python-solv-0.6.35-3.5.2.x86_64",
"product_id": "python-solv-0.6.35-3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "zypper-1.14.10-3.7.1.x86_64",
"product": {
"name": "zypper-1.14.10-3.7.1.x86_64",
"product_id": "zypper-1.14.10-3.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-solv-0.6.35-3.5.2.x86_64",
"product": {
"name": "perl-solv-0.6.35-3.5.2.x86_64",
"product_id": "perl-solv-0.6.35-3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "python3-solv-0.6.35-3.5.2.x86_64",
"product": {
"name": "python3-solv-0.6.35-3.5.2.x86_64",
"product_id": "python3-solv-0.6.35-3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "ruby-solv-0.6.35-3.5.2.x86_64",
"product": {
"name": "ruby-solv-0.6.35-3.5.2.x86_64",
"product_id": "ruby-solv-0.6.35-3.5.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsolv-devel-0.6.35-3.5.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.aarch64"
},
"product_reference": "libsolv-devel-0.6.35-3.5.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsolv-devel-0.6.35-3.5.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.ppc64le"
},
"product_reference": "libsolv-devel-0.6.35-3.5.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsolv-devel-0.6.35-3.5.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.s390x"
},
"product_reference": "libsolv-devel-0.6.35-3.5.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsolv-devel-0.6.35-3.5.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.x86_64"
},
"product_reference": "libsolv-devel-0.6.35-3.5.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsolv-tools-0.6.35-3.5.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.aarch64"
},
"product_reference": "libsolv-tools-0.6.35-3.5.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsolv-tools-0.6.35-3.5.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.ppc64le"
},
"product_reference": "libsolv-tools-0.6.35-3.5.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsolv-tools-0.6.35-3.5.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.s390x"
},
"product_reference": "libsolv-tools-0.6.35-3.5.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsolv-tools-0.6.35-3.5.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.x86_64"
},
"product_reference": "libsolv-tools-0.6.35-3.5.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-17.6.4-3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.aarch64"
},
"product_reference": "libzypp-17.6.4-3.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-17.6.4-3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.ppc64le"
},
"product_reference": "libzypp-17.6.4-3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-17.6.4-3.10.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.s390x"
},
"product_reference": "libzypp-17.6.4-3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-17.6.4-3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.x86_64"
},
"product_reference": "libzypp-17.6.4-3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-devel-17.6.4-3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.aarch64"
},
"product_reference": "libzypp-devel-17.6.4-3.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-devel-17.6.4-3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.ppc64le"
},
"product_reference": "libzypp-devel-17.6.4-3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-devel-17.6.4-3.10.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.s390x"
},
"product_reference": "libzypp-devel-17.6.4-3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libzypp-devel-17.6.4-3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.x86_64"
},
"product_reference": "libzypp-devel-17.6.4-3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-solv-0.6.35-3.5.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.aarch64"
},
"product_reference": "python-solv-0.6.35-3.5.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-solv-0.6.35-3.5.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.ppc64le"
},
"product_reference": "python-solv-0.6.35-3.5.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-solv-0.6.35-3.5.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.s390x"
},
"product_reference": "python-solv-0.6.35-3.5.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-solv-0.6.35-3.5.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.x86_64"
},
"product_reference": "python-solv-0.6.35-3.5.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zypper-1.14.10-3.7.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.aarch64"
},
"product_reference": "zypper-1.14.10-3.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zypper-1.14.10-3.7.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.ppc64le"
},
"product_reference": "zypper-1.14.10-3.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zypper-1.14.10-3.7.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.s390x"
},
"product_reference": "zypper-1.14.10-3.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zypper-1.14.10-3.7.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.x86_64"
},
"product_reference": "zypper-1.14.10-3.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zypper-log-1.14.10-3.7.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:zypper-log-1.14.10-3.7.1.noarch"
},
"product_reference": "zypper-log-1.14.10-3.7.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-solv-0.6.35-3.5.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.aarch64"
},
"product_reference": "perl-solv-0.6.35-3.5.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-solv-0.6.35-3.5.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.ppc64le"
},
"product_reference": "perl-solv-0.6.35-3.5.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-solv-0.6.35-3.5.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.s390x"
},
"product_reference": "perl-solv-0.6.35-3.5.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-solv-0.6.35-3.5.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.x86_64"
},
"product_reference": "perl-solv-0.6.35-3.5.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-solv-0.6.35-3.5.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.aarch64"
},
"product_reference": "python3-solv-0.6.35-3.5.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-solv-0.6.35-3.5.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.ppc64le"
},
"product_reference": "python3-solv-0.6.35-3.5.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-solv-0.6.35-3.5.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.s390x"
},
"product_reference": "python3-solv-0.6.35-3.5.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-solv-0.6.35-3.5.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.x86_64"
},
"product_reference": "python3-solv-0.6.35-3.5.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-solv-0.6.35-3.5.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.aarch64"
},
"product_reference": "ruby-solv-0.6.35-3.5.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-solv-0.6.35-3.5.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.ppc64le"
},
"product_reference": "ruby-solv-0.6.35-3.5.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-solv-0.6.35-3.5.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.s390x"
},
"product_reference": "ruby-solv-0.6.35-3.5.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-solv-0.6.35-3.5.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.x86_64"
},
"product_reference": "ruby-solv-0.6.35-3.5.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-9269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9269"
}
],
"notes": [
{
"category": "general",
"text": "In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-log-1.14.10-3.7.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9269",
"url": "https://www.suse.com/security/cve/CVE-2017-9269"
},
{
"category": "external",
"summary": "SUSE Bug 1038984 for CVE-2017-9269",
"url": "https://bugzilla.suse.com/1038984"
},
{
"category": "external",
"summary": "SUSE Bug 1045735 for CVE-2017-9269",
"url": "https://bugzilla.suse.com/1045735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-log-1.14.10-3.7.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-log-1.14.10-3.7.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-11T13:50:37Z",
"details": "important"
}
],
"title": "CVE-2017-9269"
},
{
"cve": "CVE-2018-7685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7685"
}
],
"notes": [
{
"category": "general",
"text": "The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-log-1.14.10-3.7.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7685",
"url": "https://www.suse.com/security/cve/CVE-2018-7685"
},
{
"category": "external",
"summary": "SUSE Bug 1045735 for CVE-2018-7685",
"url": "https://bugzilla.suse.com/1045735"
},
{
"category": "external",
"summary": "SUSE Bug 1088705 for CVE-2018-7685",
"url": "https://bugzilla.suse.com/1088705"
},
{
"category": "external",
"summary": "SUSE Bug 1091624 for CVE-2018-7685",
"url": "https://bugzilla.suse.com/1091624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-log-1.14.10-3.7.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:zypper-log-1.14.10-3.7.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-11T13:50:37Z",
"details": "important"
}
],
"title": "CVE-2018-7685"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…