libsolv, python2 security update

ID CESA-2019:2290
Type centos
Reporter CentOS Project
Modified 2019-08-30T03:28:50


CentOS Errata and Security Advisory CESA-2019:2290

The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm.

Security Fix(es):

  • libsolv: NULL pointer dereference in function testcase_read (CVE-2018-20532)

  • libsolv: NULL pointer dereference in function testcase_str2dep_complex (CVE-2018-20533)

  • libsolv: illegal address access in pool_whatprovides in src/pool.h (CVE-2018-20534)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Merged security bulletin from advisories:

Affected packages: libsolv libsolv-demo libsolv-devel libsolv-tools python2-solv

Upstream details at: