openSUSE Security Update : libzypp / zypper (openSUSE-2017-1009)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The Software Update Stack was updated to receive fixes and
enhancements.

libzypp :

- Adapt to work with GnuPG 2.1.23. (bsc#1054088)

- Support signing with subkeys. (bsc#1008325)

- Enhance sort order for media.1/products. (bsc#1054671)

zypper :

- Also show a gpg key's subkeys. (bsc#1008325)

- Improve signature check callback messages. (bsc#1045735)

- Add options to tune the GPG check settings.
(bsc#1045735)

- Adapt download callback to report and handle unsigned
packages. (bsc#1038984, CVE-2017-7436)

- Report missing/optional files as 'not found' rather than
'error'. (bsc#1047785)

This update was imported from the SUSE:SLE-12-SP3:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1008325
https://bugzilla.opensuse.org/show_bug.cgi?id=1038984
https://bugzilla.opensuse.org/show_bug.cgi?id=1045735
https://bugzilla.opensuse.org/show_bug.cgi?id=1047785
https://bugzilla.opensuse.org/show_bug.cgi?id=1054088
https://bugzilla.opensuse.org/show_bug.cgi?id=1054671
https://bugzilla.opensuse.org/show_bug.cgi?id=1055920

Solution :

Update the affected libzypp / zypper packages.

Risk factor :

High

Family: SuSE Local Security Checks

Nessus Plugin ID: 102965 ()

Bugtraq ID:

CVE ID: CVE-2017-7436

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now