Security update for libzypp, zypper (moderate)

An update that solves one vulnerability and has 11 fixes is
now available.

Description:

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

• CVE-2017-9271: Fixed information leak in the log file (bsc#1050625
  bsc#1177583)
• RepoManager: Force refresh if repo url has changed (bsc#1174016)
• RepoManager: Carefully tidy up the caches. Remove non-directory entries.
  (bsc#1178966)
• RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe
  (bsc#1177427).
• RpmDb: If no database exists use the _dbpath configured in rpm. Still
  makes sure a compat symlink at /var/lib/rpm exists in case the
  configures _dbpath is elsewhere. (bsc#1178910)
• Fixed update of gpg keys with elongated expire date (bsc#179222)
• needreboot: remove udev from the list (bsc#1179083)
• Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

• Do not cleanup the libzypp cache when the system has low memory,
  incomplete cache confuses libzypp later (bsc#1179415)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2021-59=1