{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for libsolv, libzypp, zypper","title":"Title of the patch"},{"category":"description","text":"This update for libsolv, libzypp, zypper fixes the following issues:\n\nSecurity relevant fix:\n\n- Harden package signature checks (bsc#1184501).\n\nlibsolv update to 0.7.22:\n\n- reworked choice rule generation to cover more usecases\n- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)\n- support parsing of Debian's Multi-Arch indicator\n- fix segfault on conflict resolution when using bindings\n- fix split provides not working if the update includes a forbidden vendor change\n- support strict repository priorities\n  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY\n- support zstd compressed control files in debian packages\n- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)\n- support setting/reading userdata in solv files\n  new functions: repowriter_set_userdata, solv_read_userdata\n- support queying of the custom vendor check function\n  new function: pool_get_custom_vendorcheck\n- support solv files with an idarray block\n- allow accessing the toolversion at runtime\n\nlibzypp update to 17.30.0:\n\n- ZConfig: Update solver settings if target changes (bsc#1196368)\n- Fix possible hang in singletrans mode (bsc#1197134)\n- Do 2 retries if mount is still busy.\n- Fix package signature check (bsc#1184501)\n  Pay attention that header and payload are secured by a valid\n  signature and report more detailed which signature is missing.\n- Retry umount if device is busy (bsc#1196061, closes #381)\n  A previously released ISO image may need a bit more time to\n  release it's loop device. So we wait a bit and retry.\n- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)\n- Fix handling of ISO media in releaseAll (bsc#1196061)\n- Hint on common ptf resolver conflicts (bsc#1194848)\n- Hint on ptf<>patch resolver conflicts (bsc#1194848)\n\nzypper update to 1.14.52:\n\n- info: print the packages upstream URL if available (fixes #426)\n- info: Fix SEGV with not installed PTFs (bsc#1196317)\n- Don't prevent less restrictive umasks (bsc#1195999)\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-Leap-Micro-5.2-2022-1157","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_1157-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2022:1157-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AYJVCDZFHL3RLKSFHF4ITKBC25PHGJ5K/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2022:1157-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AYJVCDZFHL3RLKSFHF4ITKBC25PHGJ5K/"},{"category":"self","summary":"SUSE Bug 1184501","url":"https://bugzilla.suse.com/1184501"},{"category":"self","summary":"SUSE Bug 1194848","url":"https://bugzilla.suse.com/1194848"},{"category":"self","summary":"SUSE Bug 1195999","url":"https://bugzilla.suse.com/1195999"},{"category":"self","summary":"SUSE Bug 1196061","url":"https://bugzilla.suse.com/1196061"},{"category":"self","summary":"SUSE Bug 1196317","url":"https://bugzilla.suse.com/1196317"},{"category":"self","summary":"SUSE Bug 1196368","url":"https://bugzilla.suse.com/1196368"},{"category":"self","summary":"SUSE Bug 1196514","url":"https://bugzilla.suse.com/1196514"},{"category":"self","summary":"SUSE Bug 1196925","url":"https://bugzilla.suse.com/1196925"},{"category":"self","summary":"SUSE Bug 1197134","url":"https://bugzilla.suse.com/1197134"}],"title":"Security update for libsolv, libzypp, zypper","tracking":{"current_release_date":"2022-07-14T09:34:29Z","generator":{"date":"2022-07-14T09:34:29Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2022:1157-1","initial_release_date":"2022-07-14T09:34:29Z","revision_history":[{"date":"2022-07-14T09:34:29Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"libsolv-tools-0.7.22-150200.12.1.aarch64","product":{"name":"libsolv-tools-0.7.22-150200.12.1.aarch64","product_id":"libsolv-tools-0.7.22-150200.12.1.aarch64"}},{"category":"product_version","name":"libzypp-17.30.0-150200.36.1.aarch64","product":{"name":"libzypp-17.30.0-150200.36.1.aarch64","product_id":"libzypp-17.30.0-150200.36.1.aarch64"}},{"category":"product_version","name":"zypper-1.14.52-150200.30.2.aarch64","product":{"name":"zypper-1.14.52-150200.30.2.aarch64","product_id":"zypper-1.14.52-150200.30.2.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"zypper-needs-restarting-1.14.52-150200.30.2.noarch","product":{"name":"zypper-needs-restarting-1.14.52-150200.30.2.noarch","product_id":"zypper-needs-restarting-1.14.52-150200.30.2.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"libsolv-tools-0.7.22-150200.12.1.x86_64","product":{"name":"libsolv-tools-0.7.22-150200.12.1.x86_64","product_id":"libsolv-tools-0.7.22-150200.12.1.x86_64"}},{"category":"product_version","name":"libzypp-17.30.0-150200.36.1.x86_64","product":{"name":"libzypp-17.30.0-150200.36.1.x86_64","product_id":"libzypp-17.30.0-150200.36.1.x86_64"}},{"category":"product_version","name":"zypper-1.14.52-150200.30.2.x86_64","product":{"name":"zypper-1.14.52-150200.30.2.x86_64","product_id":"zypper-1.14.52-150200.30.2.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap Micro 5.2","product":{"name":"openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap-micro:5.2"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"libsolv-tools-0.7.22-150200.12.1.aarch64 as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:libsolv-tools-0.7.22-150200.12.1.aarch64"},"product_reference":"libsolv-tools-0.7.22-150200.12.1.aarch64","relates_to_product_reference":"openSUSE Leap Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"libsolv-tools-0.7.22-150200.12.1.x86_64 as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:libsolv-tools-0.7.22-150200.12.1.x86_64"},"product_reference":"libsolv-tools-0.7.22-150200.12.1.x86_64","relates_to_product_reference":"openSUSE Leap Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"libzypp-17.30.0-150200.36.1.aarch64 as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:libzypp-17.30.0-150200.36.1.aarch64"},"product_reference":"libzypp-17.30.0-150200.36.1.aarch64","relates_to_product_reference":"openSUSE Leap Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"libzypp-17.30.0-150200.36.1.x86_64 as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:libzypp-17.30.0-150200.36.1.x86_64"},"product_reference":"libzypp-17.30.0-150200.36.1.x86_64","relates_to_product_reference":"openSUSE Leap Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"zypper-1.14.52-150200.30.2.aarch64 as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:zypper-1.14.52-150200.30.2.aarch64"},"product_reference":"zypper-1.14.52-150200.30.2.aarch64","relates_to_product_reference":"openSUSE Leap Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"zypper-1.14.52-150200.30.2.x86_64 as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:zypper-1.14.52-150200.30.2.x86_64"},"product_reference":"zypper-1.14.52-150200.30.2.x86_64","relates_to_product_reference":"openSUSE Leap Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"zypper-needs-restarting-1.14.52-150200.30.2.noarch as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:zypper-needs-restarting-1.14.52-150200.30.2.noarch"},"product_reference":"zypper-needs-restarting-1.14.52-150200.30.2.noarch","relates_to_product_reference":"openSUSE Leap Micro 5.2"}]}}