CentOS Errata and Security Advisory CESA-2019:2290
The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm.
libsolv: NULL pointer dereference in function testcase_read (CVE-2018-20532)
libsolv: NULL pointer dereference in function testcase_str2dep_complex (CVE-2018-20533)
libsolv: illegal address access in pool_whatprovides in src/pool.h (CVE-2018-20534)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2019-August/005963.html
Affected packages: libsolv libsolv-demo libsolv-devel libsolv-tools python2-solv
Upstream details at: