SUSE-RU-2019:2742-1: important: Recommended update for libzypp, zypper, libsolv and PackageKit

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Oct 22 10:55:23 MDT 2019


   SUSE Recommended Update: Recommended update for libzypp, zypper, libsolv and PackageKit
______________________________________________________________________________

Announcement ID:    SUSE-RU-2019:2742-1
Rating:             important
References:         #1049825 #1116995 #1120629 #1120630 #1120631 
                    #1127155 #1127608 #1130306 #1131113 #1131823 
                    #1134226 #1135749 #1137977 #1139795 #1140039 
                    #1145521 #1146027 #1146415 #1146947 #1153557 
                    #859480 
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP1
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
                    SUSE Linux Enterprise Module for Development Tools 15-SP1
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP1
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

   An update that solves three vulnerabilities and has 18
   fixes is now available.

Description:

   This update for libzypp, zypper, libsolv and PackageKit fixes the
   following issues:

   Security issues fixed in libsolv:

   - CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c
     (function testcase_read) (bsc#1120629).
   - CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c
     (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630).
   - CVE-2018-20534: Fixed illegal address access at src/pool.h (function
     pool_whatprovides) in libsolv.a (bsc#1120631).

   Other issues addressed in libsolv:

   - Fixed an issue where libsolv failed to build against swig 4.0 by
     updating the version to 0.7.5 (bsc#1135749).
   - Fixed an issue with the package name (bsc#1131823).
   - repo_add_rpmdb: do not copy bad solvables from the old solv file
   - Fixed an issue with  cleandeps updates in which all packages were not
     updated
   - Experimental DISTTYPE_CONDA and REL_CONDA support
   - Fixed cleandeps jobs when using patterns (bsc#1137977)
   - Fixed favorq leaking between solver runs if the solver is reused
   - Fixed SOLVER_FLAG_FOCUS_BEST updateing packages without reason
   - Be more correct with multiversion packages that obsolete their own name
     (bnc#1127155)
   - Fix repository priority handling for multiversion packages
   - Make code compatible with swig 4.0, remove obj0 instances
   - repo2solv: support zchunk compressed data
   - Remove NO_BRP_STRIP_DEBUG=true as brp-15-strip-debug will not strip
     debug info for archives

   Issues fixed in libzypp:

   - Fix empty metalink downloads if filesize is unknown (bsc#1153557)
   - Recognize riscv64 as architecture
   - Fix installation of new header file (fixes #185)
   - zypp.conf: Introduce `solver.focus` to define the resolvers general
     attitude when resolving jobs. (bsc#1146415)
   - New container detection algorithm for zypper ps (bsc#1146947)
   - Fix leaking filedescriptors in MediaCurl. (bsc#1116995)
   - Run file conflict check on dry-run. (bsc#1140039)
   - Do not remove orphan products if the .prod file is owned by a package.
     (bsc#1139795)
   - Rephrase file conflict check summary. (bsc#1140039)
   - Fix bash completions option detection. (bsc#1049825)
   - Fixes a bug where zypper exited on SIGPIPE when downloading packages
     (bsc#1145521)
   - Fixes an issue where zypper exited with a segmentation fault when
     updating via YaST2 (bsc#1146027)
   - PublicKey::algoName: supply key algorithm and length

   Issues fixed in zypper:

   - Update to version 1.14.30
   - Ignore SIGPIPE while STDOUT/STDERR are OK (bsc#1145521)
   - Dump stacktrace on SIGPIPE (bsc#1145521)
   - info: The requested info must be shown in QUIET mode (fixes #287)
   - Fix local/remote url classification.
   - Rephrase file conflict check summary (bsc#1140039)
   - Fix bash completions option detection (bsc#1049825)
   - man: split '--with[out]' like options to ease searching.
   - Unhided 'ps' command in help
   - Added option to show more conflict information
   - Rephrased `zypper ps` hint (bsc#859480)
   - Fixed repo refresh not returning 106-ZYPPER_EXIT_INF_REPOS_SKIPPED if
     --root is used (bsc#1134226)
   - Fixed unknown package handling in zypper install (bsc#1127608)
   - Re-show progress bar after pressing retry upon install error
     (bsc#1131113)


   Issues fixed in PackageKit:

   - Port the cron configuration variables to the systemd timer script, and
     add -sendwait parameter to mail in the script(bsc#1130306).


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15-SP1:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2742=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2019-2742=1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2742=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2742=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2742=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2742=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):

      PackageKit-debuginfo-1.1.10-12.3.5
      PackageKit-debugsource-1.1.10-12.3.5
      PackageKit-gstreamer-plugin-1.1.10-12.3.5
      PackageKit-gstreamer-plugin-debuginfo-1.1.10-12.3.5
      PackageKit-gtk3-module-1.1.10-12.3.5
      PackageKit-gtk3-module-debuginfo-1.1.10-12.3.5

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64):

      libsolv-debuginfo-0.7.6-3.7.2
      libsolv-debugsource-0.7.6-3.7.2
      python-solv-0.7.6-3.7.2
      python-solv-debuginfo-0.7.6-3.7.2

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):

      libsolv-debuginfo-0.7.6-3.7.2
      libsolv-debugsource-0.7.6-3.7.2
      libsolv-demo-0.7.6-3.7.2
      libsolv-demo-debuginfo-0.7.6-3.7.2
      libzypp-debuginfo-17.15.0-3.9.1
      libzypp-debugsource-17.15.0-3.9.1
      libzypp-devel-doc-17.15.0-3.9.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):

      PackageKit-debugsource-1.1.10-12.3.5
      libpackagekit-glib2-18-32bit-1.1.10-12.3.5
      libpackagekit-glib2-18-32bit-debuginfo-1.1.10-12.3.5
      libpackagekit-glib2-devel-32bit-1.1.10-12.3.5

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):

      PackageKit-branding-upstream-1.1.10-12.3.5
      yast2-pkg-bindings-devel-doc-4.1.2-3.3.5
      zypper-aptitude-1.14.30-3.7.2

   - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):

      libsolv-debuginfo-0.7.6-3.7.2
      libsolv-debugsource-0.7.6-3.7.2
      perl-solv-0.7.6-3.7.2
      perl-solv-debuginfo-0.7.6-3.7.2
      ruby-solv-0.7.6-3.7.2
      ruby-solv-debuginfo-0.7.6-3.7.2

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64):

      PackageKit-1.1.10-12.3.5
      PackageKit-backend-zypp-1.1.10-12.3.5
      PackageKit-backend-zypp-debuginfo-1.1.10-12.3.5
      PackageKit-debuginfo-1.1.10-12.3.5
      PackageKit-debugsource-1.1.10-12.3.5
      PackageKit-devel-1.1.10-12.3.5
      PackageKit-devel-debuginfo-1.1.10-12.3.5
      libpackagekit-glib2-18-1.1.10-12.3.5
      libpackagekit-glib2-18-debuginfo-1.1.10-12.3.5
      libpackagekit-glib2-devel-1.1.10-12.3.5
      libyui-qt-pkg-debugsource-2.45.27-3.3.5
      libyui-qt-pkg-devel-2.45.27-3.3.5
      typelib-1_0-PackageKitGlib-1_0-1.1.10-12.3.5

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch):

      PackageKit-lang-1.1.10-12.3.5

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):

      libsolv-debuginfo-0.7.6-3.7.2
      libsolv-debugsource-0.7.6-3.7.2
      libsolv-devel-0.7.6-3.7.2
      libsolv-devel-debuginfo-0.7.6-3.7.2
      libsolv-tools-0.7.6-3.7.2
      libsolv-tools-debuginfo-0.7.6-3.7.2
      libyui-ncurses-pkg-debugsource-2.48.9-7.3.5
      libyui-ncurses-pkg-devel-2.48.9-7.3.5
      libyui-ncurses-pkg9-2.48.9-7.3.5
      libyui-ncurses-pkg9-debuginfo-2.48.9-7.3.5
      libyui-qt-pkg-debugsource-2.45.27-3.3.5
      libyui-qt-pkg9-2.45.27-3.3.5
      libyui-qt-pkg9-debuginfo-2.45.27-3.3.5
      libzypp-17.15.0-3.9.1
      libzypp-debuginfo-17.15.0-3.9.1
      libzypp-debugsource-17.15.0-3.9.1
      libzypp-devel-17.15.0-3.9.1
      python3-solv-0.7.6-3.7.2
      python3-solv-debuginfo-0.7.6-3.7.2
      yast2-pkg-bindings-4.1.2-3.3.5
      yast2-pkg-bindings-debuginfo-4.1.2-3.3.5
      yast2-pkg-bindings-debugsource-4.1.2-3.3.5
      zypper-1.14.30-3.7.2
      zypper-debuginfo-1.14.30-3.7.2
      zypper-debugsource-1.14.30-3.7.2

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):

      libyui-ncurses-pkg-doc-2.48.9-7.3.3
      libyui-qt-pkg-doc-2.45.27-3.3.3
      zypper-log-1.14.30-3.7.2
      zypper-needs-restarting-1.14.30-3.7.2


References:

   https://www.suse.com/security/cve/CVE-2018-20532.html
   https://www.suse.com/security/cve/CVE-2018-20533.html
   https://www.suse.com/security/cve/CVE-2018-20534.html
   https://bugzilla.suse.com/1049825
   https://bugzilla.suse.com/1116995
   https://bugzilla.suse.com/1120629
   https://bugzilla.suse.com/1120630
   https://bugzilla.suse.com/1120631
   https://bugzilla.suse.com/1127155
   https://bugzilla.suse.com/1127608
   https://bugzilla.suse.com/1130306
   https://bugzilla.suse.com/1131113
   https://bugzilla.suse.com/1131823
   https://bugzilla.suse.com/1134226
   https://bugzilla.suse.com/1135749
   https://bugzilla.suse.com/1137977
   https://bugzilla.suse.com/1139795
   https://bugzilla.suse.com/1140039
   https://bugzilla.suse.com/1145521
   https://bugzilla.suse.com/1146027
   https://bugzilla.suse.com/1146415
   https://bugzilla.suse.com/1146947
   https://bugzilla.suse.com/1153557
   https://bugzilla.suse.com/859480



More information about the sle-updates mailing list