openSUSE Security Update : libsolv / libzypp / zypper (openSUSE-2020-255)

low Nessus Plugin ID 134156

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for libsolv, libzypp, zypper fixes the following issues:

Security issue fixed:

- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).

Bug fixes

- Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819).

- Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198).

- Do not enforce 'en' being in RequestedLocales. If the user decides to have a system without explicit language support, he may do so (bsc#1155678).

- Load only target resolvables for zypper rm (bsc#1157377).

- Fix broken search by filelist (bsc#1135114).

- Replace python by a bash script in zypper-log (fixes #304, fixes #306, bsc#1156158).

- Do not sort out requested locales which are not available (bsc#1155678).

- Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805).

- XML add patch issue-date and issue-list (bsc#1154805).

- Fix zypper lp --cve/bugzilla/issue options (bsc#1155298).

- Always execute commit when adding/removing locales (fixes bsc#1155205).

- Fix description of --table-style,-s in man page (bsc#1154804).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Solution

Update the affected libsolv / libzypp / zypper packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1135114

https://bugzilla.opensuse.org/show_bug.cgi?id=1154804

https://bugzilla.opensuse.org/show_bug.cgi?id=1154805

https://bugzilla.opensuse.org/show_bug.cgi?id=1155198

https://bugzilla.opensuse.org/show_bug.cgi?id=1155205

https://bugzilla.opensuse.org/show_bug.cgi?id=1155298

https://bugzilla.opensuse.org/show_bug.cgi?id=1155678

https://bugzilla.opensuse.org/show_bug.cgi?id=1155819

https://bugzilla.opensuse.org/show_bug.cgi?id=1156158

https://bugzilla.opensuse.org/show_bug.cgi?id=1157377

https://bugzilla.opensuse.org/show_bug.cgi?id=1158763

Plugin Details

Severity: Low

ID: 134156

File Name: openSUSE-2020-255.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2/28/2020

Updated: 3/25/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2019-18900

CVSS v3

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libsolv-debuginfo, p-cpe:/a:novell:opensuse:libsolv-debugsource, p-cpe:/a:novell:opensuse:libsolv-demo, p-cpe:/a:novell:opensuse:libsolv-demo-debuginfo, p-cpe:/a:novell:opensuse:libsolv-devel, p-cpe:/a:novell:opensuse:libsolv-devel-debuginfo, p-cpe:/a:novell:opensuse:libsolv-tools, p-cpe:/a:novell:opensuse:libsolv-tools-debuginfo, p-cpe:/a:novell:opensuse:libzypp, p-cpe:/a:novell:opensuse:libzypp-debuginfo, p-cpe:/a:novell:opensuse:libzypp-debugsource, p-cpe:/a:novell:opensuse:libzypp-devel, p-cpe:/a:novell:opensuse:perl-solv, p-cpe:/a:novell:opensuse:perl-solv-debuginfo, p-cpe:/a:novell:opensuse:python-solv, p-cpe:/a:novell:opensuse:python-solv-debuginfo, p-cpe:/a:novell:opensuse:python3-solv, p-cpe:/a:novell:opensuse:python3-solv-debuginfo, p-cpe:/a:novell:opensuse:ruby-solv, p-cpe:/a:novell:opensuse:ruby-solv-debuginfo, p-cpe:/a:novell:opensuse:zypper, p-cpe:/a:novell:opensuse:zypper-aptitude, p-cpe:/a:novell:opensuse:zypper-debuginfo, p-cpe:/a:novell:opensuse:zypper-debugsource, p-cpe:/a:novell:opensuse:zypper-log, p-cpe:/a:novell:opensuse:zypper-needs-restarting, cpe:/o:novell:opensuse:15.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/27/2020

Vulnerability Publication Date: 1/24/2020

Reference Information

CVE: CVE-2019-18900