[SECURITY] [DLA 2132-1] libzypp security update

2020-03-0402:33:51

lists.debian.org

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

3.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Package : libzypp
Version : 14.29.1-2+deb8u1
CVE ID : CVE-2019-18900

It was discovered that there was an issue where incorrect default
permissions on a HTTP cookie store could have allowed local attackers
to read private credentials.

For Debian 8 "Jessie", this issue has been fixed in libzypp version
14.29.1-2+deb8u1.

We recommend that you upgrade your libzypp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian8amd64libzypp-dbg< 14.29.1-2+deb8u1libzypp-dbg_14.29.1-2+deb8u1_amd64.deb
Debian8alllibzypp-common< 14.29.1-2+deb8u1libzypp-common_14.29.1-2+deb8u1_all.deb
Debian8alllibzypp< 14.29.1-2+deb8u1libzypp_14.29.1-2+deb8u1_all.deb
Debian8amd64libzypp-dev< 14.29.1-2+deb8u1libzypp-dev_14.29.1-2+deb8u1_amd64.deb
Debian8alllibzypp-config< 14.29.1-2+deb8u1libzypp-config_14.29.1-2+deb8u1_all.deb
Debian8amd64libzypp< 14.29.1-2+deb8u1libzypp_14.29.1-2+deb8u1_amd64.deb
Debian8amd64libzypp-bin< 14.29.1-2+deb8u1libzypp-bin_14.29.1-2+deb8u1_amd64.deb
Debian8i386libzypp-dbg< 14.29.1-2+deb8u1libzypp-dbg_14.29.1-2+deb8u1_i386.deb
Debian8alllibzypp-doc< 14.29.1-2+deb8u1libzypp-doc_14.29.1-2+deb8u1_all.deb
Debian8i386libzypp-dev< 14.29.1-2+deb8u1libzypp-dev_14.29.1-2+deb8u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	amd64	libzypp-dbg	< 14.29.1-2+deb8u1	libzypp-dbg_14.29.1-2+deb8u1_amd64.deb
Debian	8	all	libzypp-common	< 14.29.1-2+deb8u1	libzypp-common_14.29.1-2+deb8u1_all.deb
Debian	8	all	libzypp	< 14.29.1-2+deb8u1	libzypp_14.29.1-2+deb8u1_all.deb
Debian	8	amd64	libzypp-dev	< 14.29.1-2+deb8u1	libzypp-dev_14.29.1-2+deb8u1_amd64.deb
Debian	8	all	libzypp-config	< 14.29.1-2+deb8u1	libzypp-config_14.29.1-2+deb8u1_all.deb
Debian	8	amd64	libzypp	< 14.29.1-2+deb8u1	libzypp_14.29.1-2+deb8u1_amd64.deb
Debian	8	amd64	libzypp-bin	< 14.29.1-2+deb8u1	libzypp-bin_14.29.1-2+deb8u1_amd64.deb
Debian	8	i386	libzypp-dbg	< 14.29.1-2+deb8u1	libzypp-dbg_14.29.1-2+deb8u1_i386.deb
Debian	8	all	libzypp-doc	< 14.29.1-2+deb8u1	libzypp-doc_14.29.1-2+deb8u1_all.deb
Debian	8	i386	libzypp-dev	< 14.29.1-2+deb8u1	libzypp-dev_14.29.1-2+deb8u1_i386.deb