SUSE-YU-2013:1408-2: important: YOU update for libzypp
sle-updates at lists.suse.com
Wed Oct 30 11:04:10 MDT 2013
SUSE YOU Update: YOU update for libzypp
______________________________________________________________________________
Announcement ID: SUSE-YU-2013:1408-2
Rating: important
References: #828672
Affected Products:
SUSE Manager Client Tools for SLE 11 SP1
SLE CLIENT TOOLS 10 for x86_64
SLE CLIENT TOOLS 10 for s390x
SLE CLIENT TOOLS 10 for ia64
SLE CLIENT TOOLS 10 for PPC
SLE CLIENT TOOLS 10
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
libzypp did not handle multiple GPG public keys in
repomd.xml.key and content.key consistently and securely.
Attackers could have exploited this to add their own keys
and pass them off as coming from SUSE.
Security Issue reference:
* CVE-2013-3704
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3704>
Special Instructions and Notes:
This update triggers a restart of the software management
stack. More updates will be available for installation
after applying this update and restarting the application.
Patch Instructions:
To install this SUSE YOU Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager Client Tools for SLE 11 SP1:
zypper in -t patch slesctsp1-libzypp-8360
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager Client Tools for SLE 11 SP1 (i586 ia64 ppc64 s390x x86_64):
libzypp-6.39.0-0.3.1
- SLE CLIENT TOOLS 10 for x86_64 (x86_64):
libzypp-6.39.0-0.5.1
- SLE CLIENT TOOLS 10 for s390x (s390x):
libzypp-6.39.0-0.5.1
- SLE CLIENT TOOLS 10 for ia64 (ia64):
libzypp-6.39.0-0.5.1
- SLE CLIENT TOOLS 10 for PPC (ppc):
libzypp-6.39.0-0.5.1
- SLE CLIENT TOOLS 10 (i586):
libzypp-6.39.0-0.5.1
References:
http://support.novell.com/security/cve/CVE-2013-3704.html
https://bugzilla.novell.com/828672
http://download.novell.com/patch/finder/?keywords=1580d4919b3e80f746b6ed3158079edf
http://download.novell.com/patch/finder/?keywords=69da9fdb4651190f06fc1b3973aaf523
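
The description above concerns key files (repomd.xml.key, content.key) that carry more than one public key. As an added audit aid, not libzypp code and not part of the original advisory, the following counts the primary public keys in such a file. It assumes the file is ASCII-armored OpenPGP as laid out in RFC 4880; the function names are hypothetical and the sample input is constructed with dummy packet bodies, not real keys.

```python
import base64

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def armored_blocks(text):
    """Yield the decoded bytes of every armored public key block in text."""
    for chunk in text.split(BEGIN)[1:]:
        lines = (l.strip() for l in chunk.split(END)[0].splitlines())
        # Keep base64 only: drop armor headers, blank lines, the "=CRC24" line.
        keep = [l for l in lines if l and ":" not in l and not l.startswith("=")]
        yield base64.b64decode("".join(keep))

def packet_tags(data):
    """Return the tag of each OpenPGP packet in data (RFC 4880, section 4.2)."""
    tags, i = [], 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body length not handled")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype                  # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        tags.append(tag)
        i += length
    return tags

def count_primary_keys(text):
    """Number of primary public keys (tag 6; subkeys are tag 14) in a key file."""
    return sum(packet_tags(raw).count(6) for raw in armored_blocks(text))

# Constructed sample (dummy bodies, not real keys): tag 6, tag 13, tag 6.
RAW = b"\x99\x00\x03AAA" + b"\xb4\x02id" + b"\xc6\x03BBB"
SAMPLE = f"{BEGIN}\n\n{base64.b64encode(RAW).decode()}\n=AAAA\n{END}\n"
```

Run count_primary_keys over the text of a repository's key file; a result above 1 means the file carries several primary keys, whether they sit in one armored block or in several.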