SUSE-YU-2013:1408-2: important: YOU update for libzypp

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed Oct 30 11:04:10 MDT 2013


   SUSE YOU Update: YOU update for libzypp
______________________________________________________________________________

Announcement ID:    SUSE-YU-2013:1408-2
Rating:             important
References:         #828672 
Affected Products:
                    SUSE Manager Client Tools for SLE 11 SP1
                    SLE CLIENT TOOLS 10 for x86_64
                    SLE CLIENT TOOLS 10 for s390x
                    SLE CLIENT TOOLS 10 for ia64
                    SLE CLIENT TOOLS 10 for PPC
                    SLE CLIENT TOOLS 10
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:


   libzypp did not handle multiple gpg pubkeys in the
   repomd.xml.key and  content.key consistently and secure.
   Attackers could have exploited this to  add their own keys
   and pretend it's from SUSE.

   Security Issue reference:

   * CVE-2013-3704
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3704
   >


Special Instructions and Notes:

   This update triggers a restart of the software management
   stack. More updates will be available for installation
   after applying this update and restarting the application.
   This update triggers a restart of the software management
   stack. More updates will be available for installation
   after applying this update and restarting the application.
   This update triggers a restart of the software management
   stack. More updates will be available for installation
   after applying this update and restarting the application.
   This update triggers a restart of the software management
   stack. More updates will be available for installation
   after applying this update and restarting the application.

Patch Instructions:

   To install this SUSE YOU Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Client Tools for SLE 11 SP1:

      zypper in -t patch slesctsp1-libzypp-8360

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Manager Client Tools for SLE 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      libzypp-6.39.0-0.3.1

   - SLE CLIENT TOOLS 10 for x86_64 (x86_64):

      libzypp-6.39.0-0.5.1

   - SLE CLIENT TOOLS 10 for s390x (s390x):

      libzypp-6.39.0-0.5.1

   - SLE CLIENT TOOLS 10 for ia64 (ia64):

      libzypp-6.39.0-0.5.1

   - SLE CLIENT TOOLS 10 for PPC (ppc):

      libzypp-6.39.0-0.5.1

   - SLE CLIENT TOOLS 10 (i586):

      libzypp-6.39.0-0.5.1


References:

   http://support.novell.com/security/cve/CVE-2013-3704.html
   https://bugzilla.novell.com/828672
   http://download.novell.com/patch/finder/?keywords=1580d4919b3e80f746b6ed3158079edf
   http://download.novell.com/patch/finder/?keywords=69da9fdb4651190f06fc1b3973aaf523



More information about the sle-updates mailing list