Detections
Analytics
openSUSE Security Update : libsolv / libzypp / zypper (openSUSE-2020-255)
low Nessus Plugin ID 134156
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This update for libsolv, libzypp, zypper fixes the following issues :Security issue fixed :
- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).
Bug fixes
- Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819).
- Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198).
- Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678).
- Load only target resolvables for zypper rm (bsc#1157377).
- Fix broken search by filelist (bsc#1135114).
- Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158).
- Do not sort out requested locales which are not available (bsc#1155678).
- Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805).
- XML add patch issue-date and issue-list (bsc#1154805).
- Fix zypper lp --cve/bugzilla/issue options (bsc#1155298).
- Always execute commit when adding/removing locales (fixes bsc#1155205).
- Fix description of --table-style,-s in man page (bsc#1154804).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Solution
Update the affected libsolv / libzypp / zypper packages.See Also
https://bugzilla.opensuse.org/show_bug.cgi?id=1135114
https://bugzilla.opensuse.org/show_bug.cgi?id=1154804
https://bugzilla.opensuse.org/show_bug.cgi?id=1154805
https://bugzilla.opensuse.org/show_bug.cgi?id=1155198
https://bugzilla.opensuse.org/show_bug.cgi?id=1155205
https://bugzilla.opensuse.org/show_bug.cgi?id=1155298
https://bugzilla.opensuse.org/show_bug.cgi?id=1155678
https://bugzilla.opensuse.org/show_bug.cgi?id=1155819
https://bugzilla.opensuse.org/show_bug.cgi?id=1156158
Plugin Details
Severity: Low
ID: 134156
File Name: openSUSE-2020-255.nasl
Version: 1.3
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 2/28/2020
Updated: 3/25/2024
Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 1.4
CVSS v2
Risk Factor: Low
Base Score: 2.1
Temporal Score: 1.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2019-18900
CVSS v3
Risk Factor: Low
Base Score: 3.3
Temporal Score: 2.9
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:libsolv-debuginfo, p-cpe:/a:novell:opensuse:libsolv-debugsource, p-cpe:/a:novell:opensuse:libsolv-demo, p-cpe:/a:novell:opensuse:libsolv-demo-debuginfo, p-cpe:/a:novell:opensuse:libsolv-devel, p-cpe:/a:novell:opensuse:libsolv-devel-debuginfo, p-cpe:/a:novell:opensuse:libsolv-tools, p-cpe:/a:novell:opensuse:libsolv-tools-debuginfo, p-cpe:/a:novell:opensuse:libzypp, p-cpe:/a:novell:opensuse:libzypp-debuginfo, p-cpe:/a:novell:opensuse:libzypp-debugsource, p-cpe:/a:novell:opensuse:libzypp-devel, p-cpe:/a:novell:opensuse:perl-solv, p-cpe:/a:novell:opensuse:perl-solv-debuginfo, p-cpe:/a:novell:opensuse:python-solv, p-cpe:/a:novell:opensuse:python-solv-debuginfo, p-cpe:/a:novell:opensuse:python3-solv, p-cpe:/a:novell:opensuse:python3-solv-debuginfo, p-cpe:/a:novell:opensuse:ruby-solv, p-cpe:/a:novell:opensuse:ruby-solv-debuginfo, p-cpe:/a:novell:opensuse:zypper, p-cpe:/a:novell:opensuse:zypper-aptitude, p-cpe:/a:novell:opensuse:zypper-debuginfo, p-cpe:/a:novell:opensuse:zypper-debugsource, p-cpe:/a:novell:opensuse:zypper-log, p-cpe:/a:novell:opensuse:zypper-needs-restarting, cpe:/o:novell:opensuse:15.1
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 2/27/2020
Vulnerability Publication Date: 1/24/2020
Reference Information
CVE: CVE-2019-18900