Update for libzypp.openSUSE_Leap_15.2_Update, ya... security moderate

Security update for libzypp, zypper

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat
symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not cleanup the libzypp cache when the system has low memory,
incomplete cache confuses libzypp later (bsc#1179415)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Fixed bugs
bnc#1179222
automatic GPG key refresh only works for the FIRST refreshed repository
bnc#1179083
Please update /etc/zypp/needs-reboot (systemd related)
bnc#1178910
libzypp wrong dbpath
bnc#1178966
Partner-L3: How can I keep zypper repository local cache on SLES 12
bnc#1174016
Zypper doesn't enforce refresh when $releasever is present
bnc#1177583
HTTP proxy credentials leaked in multiple places in /var/log
bnc#1050625
VUL-1: CVE-2017-9271: zypper: proxy credentials written to log files
bnc#1177275
zypper: segfault in strcmp via testcase_mangle_repo_names (testcase.c:1832) via zypp::solver::detail::Testcase::createTestcase
bnc#1177238
libzypp/packagekit segfault
bnc#1177427
zypper 1.14(Leap 15.2) unable to chroot-install Leap 42.3
bnc#1179909
zypper remove stuck in SLES-15SP1, libzypp-17.25.1-3.34.10, and zypper-1.14.40-3.25.10
bnc#1179415
[Build :17410:zypper] Failed to cache repo
Selected Binaries
openSUSE Build Service is sponsored by