{"affected":[{"ecosystem_specific":{"binaries":[{"libzypp":"16.17.20-27.52.1","zypper":"1.13.45-18.33.1","zypper-log":"1.13.45-18.33.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"16.17.20-27.52.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libzypp":"16.17.20-27.52.1","zypper":"1.13.45-18.33.1","zypper-log":"1.13.45-18.33.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"zypper","purl":"pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.13.45-18.33.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libzypp, zypper provides the following fixes:\n\nUpdate libzypp to version 16.17.20\n\nSecurity issues fixed:\n\n- PackageProvider: Validate delta rpms before caching (bsc#1091624,\n  bsc#1088705, CVE-2018-7685)\n- PackageProvider: Validate downloaded rpm package signatures before\n  caching (bsc#1091624, bsc#1088705, CVE-2018-7685)\n\nOther bugs fixed:\n\n- lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304)\n- Handle http error 502 Bad Gateway in curl backend (bsc#1070851)\n- RepoManager: Explicitly request repo2solv to generate application\n  pseudo packages.\n- libzypp-devel should not require cmake (bsc#1101349)\n- HardLocksFile: Prevent against empty commit without Target having\n  been been loaded (bsc#1096803)\n- Avoid zombie tar processes (bsc#1076192)\n\nUpdate to zypper to version 1.13.45\n\nSecurity issue fixed:\n- Improve signature check callback messages\n  (bsc#1045735, CVE-2017-9269)\n- add/modify repo: Add options to tune the GPG check settings\n  (bsc#1045735, CVE-2017-9269)\n\nOther bugs fixed:\n\n- XML <install-summary> attribute `packages-to-change` added (bsc#1102429)\n- man: Strengthen that `--config FILE' affects zypper.conf,\n  not zypp.conf (bsc#1100028)\n- Prevent nested calls to exit() if aborted by a signal (bsc#1092413)\n- ansi.h: Prevent ESC sequence strings from going out of scope (bsc#1092413)\n- Fix: zypper bash completion expands non-existing options (bsc#1049825)\n- do not recommend cron (bsc#1079334)\n- Improve signature check callback messages (bsc#1045735)\n- add/modify repo: Add options to tune the GPG check settings (bsc#1045735)\n","id":"SUSE-SU-2018:2716-2","modified":"2018-10-18T12:48:52Z","published":"2018-10-18T12:48:52Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182716-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1036304"},{"type":"REPORT","url":"https://bugzilla.suse.com/1045735"},{"type":"REPORT","url":"https://bugzilla.suse.com/1049825"},{"type":"REPORT","url":"https://bugzilla.suse.com/1070851"},{"type":"REPORT","url":"https://bugzilla.suse.com/1076192"},{"type":"REPORT","url":"https://bugzilla.suse.com/1079334"},{"type":"REPORT","url":"https://bugzilla.suse.com/1088705"},{"type":"REPORT","url":"https://bugzilla.suse.com/1091624"},{"type":"REPORT","url":"https://bugzilla.suse.com/1092413"},{"type":"REPORT","url":"https://bugzilla.suse.com/1096803"},{"type":"REPORT","url":"https://bugzilla.suse.com/1099847"},{"type":"REPORT","url":"https://bugzilla.suse.com/1100028"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101349"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102429"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9269"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7685"}],"related":["CVE-2017-9269","CVE-2018-7685"],"summary":"Security update for libzypp, zypper","upstream":["CVE-2017-9269","CVE-2018-7685"]}