openSUSE Security Update : libzypp / zypper (openSUSE-2021-59)

low Nessus Plugin ID 145340

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)

- RepoManager: Force refresh if repo url has changed (bsc#1174016)

- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)

- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).

- RpmDb: If no database exists, use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910)

- Fixed update of gpg keys with elongated expire date (bsc#179222)

- needreboot: remove udev from the list (bsc#1179083)

- Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not clean up the libzypp cache when the system has low memory; an incomplete cache confuses libzypp later (bsc#1179415)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Solution

Update the affected libzypp / zypper packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1050625

https://bugzilla.opensuse.org/show_bug.cgi?id=1174016

https://bugzilla.opensuse.org/show_bug.cgi?id=1177238

https://bugzilla.opensuse.org/show_bug.cgi?id=1177275

https://bugzilla.opensuse.org/show_bug.cgi?id=1177427

https://bugzilla.opensuse.org/show_bug.cgi?id=1177583

https://bugzilla.opensuse.org/show_bug.cgi?id=1178910

https://bugzilla.opensuse.org/show_bug.cgi?id=1178966

https://bugzilla.opensuse.org/show_bug.cgi?id=1179083

https://bugzilla.opensuse.org/show_bug.cgi?id=1179222

https://bugzilla.opensuse.org/show_bug.cgi?id=1179415

https://bugzilla.opensuse.org/show_bug.cgi?id=1179909

Plugin Details

Severity: Low

ID: 145340

File Name: openSUSE-2021-59.nasl

Version: 1.3

Type: local

Agent: unix

Published: 1/25/2021

Updated: 1/26/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2017-9271

CVSS v3

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libzypp-debuginfo, p-cpe:/a:novell:opensuse:libzypp-debugsource, p-cpe:/a:novell:opensuse:zypper-debuginfo, p-cpe:/a:novell:opensuse:zypper-debugsource, p-cpe:/a:novell:opensuse:libzypp, p-cpe:/a:novell:opensuse:zypper-needs-restarting, cpe:/o:novell:opensuse:15.2, p-cpe:/a:novell:opensuse:zypper-log, p-cpe:/a:novell:opensuse:libzypp-devel, p-cpe:/a:novell:opensuse:zypper-aptitude, p-cpe:/a:novell:opensuse:zypper, p-cpe:/a:novell:opensuse:yast2-installation

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/14/2021

Vulnerability Publication Date: 3/1/2018

Reference Information

CVE: CVE-2017-9271