Security update for libzypp, zypper (important)

2017-08-0321:07:44

lists.opensuse.org

0.003 Low

EPSS

Percentile

67.1%

JSON

The Software Update Stack was updated to receive fixes and enhancements.

libzypp:

Security issues fixed:

CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows,
mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984)

Bug fixes:

Re-probe on refresh if the repository type changes. (bsc#1048315)
Propagate proper error code to DownloadProgressReport. (bsc#1047785)
Allow to trigger an appdata refresh unconditionally. (bsc#1009745)
Support custom repo variables defined in /etc/zypp/vars.d.
Adapt loop mounting of ISO images. (bsc#1038132, bsc#1033236)
Fix potential crash if repository has no baseurl. (bsc#1043218)

zypper:

Adapt download callback to report and handle unsigned packages.
(bsc#1038984)
Report missing/optional files as ‘not found’ rather than ‘error’.
(bsc#1047785)
Document support for custom repository variables defined in
/etc/zypp/vars.d.
Emphasize that it depends on how fast PackageKit will respond to a
‘quit’ request sent if PK blocks package management.

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Software Development Kit12.2x86_64libzypp-devel-doc< 16.15.2-27.21.1libzypp-devel-doc-16.15.2-27.21.1.x86_64.rpm
SUSE Linux Enterprise Server12.2x86_64zypper-debugsource< 1.13.30-18.13.3zypper-debugsource-1.13.30-18.13.3.x86_64.rpm
SUSE Linux Enterprise Server12.2s390xlibzypp< 16.15.2-27.21.1libzypp-16.15.2-27.21.1.s390x.rpm
SUSE Linux Enterprise Server12.2ppc64lelibzypp< 16.15.2-27.21.1libzypp-16.15.2-27.21.1.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit12.2x86_64libzypp-debuginfo< 16.15.2-27.21.1libzypp-debuginfo-16.15.2-27.21.1.x86_64.rpm
SUSE Linux Enterprise Server12.2ppc64lelibzypp-debuginfo< 16.15.2-27.21.1libzypp-debuginfo-16.15.2-27.21.1.ppc64le.rpm
SUSE Linux Enterprise Server12.2x86_64libzypp-debugsource< 16.15.2-27.21.1libzypp-debugsource-16.15.2-27.21.1.x86_64.rpm
SUSE Linux Enterprise Server12.2ppc64lezypper-debuginfo< 1.13.30-18.13.3zypper-debuginfo-1.13.30-18.13.3.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit12.2x86_64libzypp-devel< 16.15.2-27.21.1libzypp-devel-16.15.2-27.21.1.x86_64.rpm
SUSE Linux Enterprise Server for Raspberry Pi12.2aarch64zypper< 1.13.30-18.13.3zypper-1.13.30-18.13.3.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Software Development Kit	12.2	x86_64	libzypp-devel-doc	< 16.15.2-27.21.1	libzypp-devel-doc-16.15.2-27.21.1.x86_64.rpm
SUSE Linux Enterprise Server	12.2	x86_64	zypper-debugsource	< 1.13.30-18.13.3	zypper-debugsource-1.13.30-18.13.3.x86_64.rpm
SUSE Linux Enterprise Server	12.2	s390x	libzypp	< 16.15.2-27.21.1	libzypp-16.15.2-27.21.1.s390x.rpm
SUSE Linux Enterprise Server	12.2	ppc64le	libzypp	< 16.15.2-27.21.1	libzypp-16.15.2-27.21.1.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit	12.2	x86_64	libzypp-debuginfo	< 16.15.2-27.21.1	libzypp-debuginfo-16.15.2-27.21.1.x86_64.rpm
SUSE Linux Enterprise Server	12.2	ppc64le	libzypp-debuginfo	< 16.15.2-27.21.1	libzypp-debuginfo-16.15.2-27.21.1.ppc64le.rpm
SUSE Linux Enterprise Server	12.2	x86_64	libzypp-debugsource	< 16.15.2-27.21.1	libzypp-debugsource-16.15.2-27.21.1.x86_64.rpm
SUSE Linux Enterprise Server	12.2	ppc64le	zypper-debuginfo	< 1.13.30-18.13.3	zypper-debuginfo-1.13.30-18.13.3.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit	12.2	x86_64	libzypp-devel	< 16.15.2-27.21.1	libzypp-devel-16.15.2-27.21.1.x86_64.rpm
SUSE Linux Enterprise Server for Raspberry Pi	12.2	aarch64	zypper	< 1.13.30-18.13.3	zypper-1.13.30-18.13.3.aarch64.rpm