Overview

File _patchinfo of Package patchinfo.17410

<patchinfo incident="17410">
  <issue tracker="bnc" id="1179222">automatic GPG key refresh only works for the FIRST refreshed repository</issue>
  <issue tracker="bnc" id="1179083">Please update /etc/zypp/needs-reboot (systemd related)</issue>
  <issue tracker="bnc" id="1178910">libzypp wrong dbpath</issue>
  <issue tracker="bnc" id="1178966">Partner-L3: How can I keep zypper repository local cache on SLES 12</issue>
  <issue tracker="bnc" id="1174016">Zypper doesn't enforce refresh when $releasever is present</issue>
  <issue tracker="bnc" id="1177583">HTTP proxy credentials leaked in multiple places in /var/log</issue>
  <issue tracker="bnc" id="1050625">VUL-1: CVE-2017-9271: zypper: proxy credentials written to log files</issue>
  <issue tracker="bnc" id="1177275">zypper: segfault in strcmp via testcase_mangle_repo_names (testcase.c:1832) via zypp::solver::detail::Testcase::createTestcase</issue>
  <issue tracker="bnc" id="1177238">libzypp/packagekit segfault</issue>
  <issue tracker="bnc" id="1177427">zypper 1.14(Leap 15.2) unable to chroot-install Leap 42.3</issue>
  <issue tracker="bnc" id="1179909">zypper remove stuck in SLES-15SP1, libzypp-17.25.1-3.34.10, and zypper-1.14.40-3.25.10</issue>
  <issue tracker="bnc" id="1179415">[Build :17410:zypper] Failed to cache repo</issue>
  <issue tracker="cve" id="2017-9271"/>
  <packager>mlandres</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for libzypp, zypper</summary>
  <description>This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm.  Still makes sure a compat
  symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not cleanup the libzypp cache when the system has low memory,
  incomplete cache confuses libzypp later (bsc#1179415)

</description>
<zypp_restart_needed/>
</patchinfo>
openSUSE Build Service is sponsored by
Places