File _patchinfo of Package patchinfo.11598

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.11598

<patchinfo incident="11598">
  <issue tracker="bnc" id="1111319">transactional-update package get's deinstalled</issue>
  <issue tracker="bnc" id="1110542">Zypper resolution prompt appears twice</issue>
  <issue tracker="bnc" id="1109893">Zypper shows no failure on package it cannot install</issue>
  <issue tracker="bnc" id="1113296">zypper addlock will not lock "kernel-default"</issue>
  <issue tracker="bnc" id="1134226">CaaSP 3.0 worker transactional-updates downgrades core components due to invalid (unsigned) repos</issue>
  <issue tracker="bnc" id="1112911">L3-Question: zypper locks display is broken</issue>
  <issue tracker="bnc" id="1137977">zypper rm -t pattern not removing all packages within the pattern</issue>
  <issue tracker="bnc" id="1131823">[SLES15SP1][Build 208.1] Virtualization host upgrade from SLES-15 to SLES-15-SP1 finished with wrong product name shown up</issue>
  <issue tracker="bnc" id="1120631">VUL-1: CVE-2018-20534: libsolv: illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a</issue>
  <issue tracker="bnc" id="1127155">Partner-L3: OES2018 SP1 Update 1: Conflict occured while applying the OES2018 SP1 Update1 patch.</issue>
  <issue tracker="bnc" id="1120629">VUL-1: CVE-2018-20532: libsolv: NULL pointer dereference at ext/testcase.c (function testcase_read)</issue>
  <issue tracker="bnc" id="1120630">VUL-1: CVE-2018-20533: libsolv: NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a</issue>
  <issue tracker="bnc" id="1116995">packagekit leaking file descriptors (and huge log file) ?</issue>
  <issue tracker="bnc" id="1140039">SUMA 3.2 client migration SLES-12-SP3-SAP to SLES-12-SP4-SAP fail. No error messages "file conflicts" in GUI</issue>
  <issue tracker="bnc" id="1049825">zypper bash completion expands non-existing options</issue>
  <issue tracker="bnc" id="1145521">Zypper exiting on SIGPIPE received during package download.</issue>
  <issue tracker="cve" id="2018-20533"/>
  <issue tracker="cve" id="2018-20532"/>
  <issue tracker="cve" id="2018-20534"/>
  <packager>mlandres</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for libsolv, libzypp, zypper</summary>
  <description>This update for libsolv, libzypp and zypper fixes the following issues:

libsolv was updated to version 0.6.36 and fixes the following issues:

Security issues fixed:

- CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629).
- CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630).
- CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631).

Non-security issues fixed:

- Made cleandeps jobs on patterns work (bsc#1137977).
- Fixed an issue multiversion packages that obsolete their own name (bsc#1127155).
- Keep consistent package name if there are multiple alternatives (bsc#1131823).

Fixes for libzypp:

- Fixes a bug where locking the kernel was not possible (bsc#1113296)
- Fixes a file descriptor leak (bsc#1116995)
- Will now run file conflict check on dry-run (best with download-only) (bsc#1140039)

Fixes for zypper:

- Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226)
- Improved the displaying of locks (bsc#1112911)
- Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542)
- zypper will now always warn when no repositories are defined (bsc#1109893)
- Fixes bash completion option detection (bsc#1049825)
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.11598

Places