{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for libzypp, zypper","title":"Title of the patch"},{"category":"description","text":"This update for libzypp, zypper, libsolv provides the following fixes:\n\nSecurity fixes in libzypp:\n\n- CVE-2018-7685: PackageProvider: Validate RPMs before caching (bsc#1091624, bsc#1088705)\n- CVE-2017-9269: Be sure bad packages do not stay in the cache (bsc#1045735)\n\nChanges in libzypp:\n\n- Update to version 17.6.4\n- Automatically fetch repository signing key from gpgkey url (bsc#1088037)\n- lsof: use '-K i' if lsof supports it (bsc#1099847,bsc#1036304)\n- Check for not imported keys after multi key import from rpmdb (bsc#1096217)\n- Flags: make it std=c++14 ready\n- Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617)\n- Show GPGME version in log\n- Adapt to changes in libgpgme11-11.1.0 breaking the signature verification (bsc#1100427)\n- RepoInfo::provideKey: add report telling where we look for missing keys.\n- Support listing gpgkey URLs in repo files (bsc#1088037)\n- Add new report to request user approval for importing a package key\n- Handle http error 502 Bad Gateway in curl backend (bsc#1070851)\n- Add filesize check for downloads with known size (bsc#408814)\n- Removed superfluous space in translation (bsc#1102019)\n- Prevent the system from sleeping during a commit\n- RepoManager: Explicitly request repo2solv to generate application pseudo packages.\n- libzypp-devel should not require cmake (bsc#1101349)\n- Avoid zombies from ExternalProgram\n- Update ApiConfig\n- HardLocksFile: Prevent against empty commit without Target having\n  been been loaded (bsc#1096803)\n- lsof: use '-K i' if lsof supports it (bsc#1099847)\n- Add filesize check for downloads with known size (bsc#408814)\n- Fix detection of metalink downloads and prevent aborting if a metalink file\n  is larger than the expected data file.\n- Require libsolv-devel >= 0.6.35 during build (fixing bsc#1100095)\n- Make use of %license macro (bsc#1082318)\n\nSecurity fix in zypper:\n\n- CVE-2017-9269: Improve signature check callback messages (bsc#1045735)\n\nChanges in zypper:\n\n- Always set error status if any nr of unknown repositories are passed to lr and ref (bsc#1093103)\n- Notify user about unsupported rpm V3 keys in an old rpm database (bsc#1096217)\n- Detect read only filesystem on system modifying operations (fixes #199)\n- Use %license (bsc#1082318)\n- Handle repo aliases containing multiple ':' in the PackageArgs parser (bsc #1041178)\n- Fix broken display of detailed query results.\n- Fix broken search for items with a dash. (bsc#907538, bsc#1043166, bsc#1070770)\n- Disable repository operations when searching installed packages. (bsc#1084525)\n- Prevent nested calls to exit() if aborted by a signal. (bsc#1092413)\n- ansi.h: Prevent ESC sequence strings from going out of scope. (bsc#1092413)\n- Fix some translation errors.\n- Support listing gpgkey URLs in repo files (bsc#1088037)\n- Check for root privileges in zypper verify and si (bsc#1058515)\n- XML <install-summary> attribute `packages-to-change` added (bsc#1102429)\n- Add expert (allow-*) options to all installer commands (bsc#428822)\n- Sort search results by multiple columns (bsc#1066215)\n- man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028)\n- Set error status if repositories passed to lr and ref are not known (bsc#1093103)\n- Do not override table style in search\n- Fix out of bound read in MbsIterator\n- Add --supplements switch to search and info\n- Add setter functions for zypp cache related config values to ZConfig\n\nChanges in libsolv:\n\n- convert repo2solv.sh script into a binary tool\n- Make use of %license macro (bsc#1082318)\n","title":"Description of the patch"},{"category":"details","text":"SUSE-SLE-Module-Basesystem-15-2018-1883,SUSE-SLE-Module-Development-Tools-15-2018-1883","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2690-1.json"},{"category":"self","summary":"URL for SUSE-SU-2018:2690-1","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182690-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2018:2690-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2018-September/004555.html"},{"category":"self","summary":"SUSE Bug 1036304","url":"https://bugzilla.suse.com/1036304"},{"category":"self","summary":"SUSE Bug 1041178","url":"https://bugzilla.suse.com/1041178"},{"category":"self","summary":"SUSE Bug 1043166","url":"https://bugzilla.suse.com/1043166"},{"category":"self","summary":"SUSE Bug 1045735","url":"https://bugzilla.suse.com/1045735"},{"category":"self","summary":"SUSE Bug 1058515","url":"https://bugzilla.suse.com/1058515"},{"category":"self","summary":"SUSE Bug 1066215","url":"https://bugzilla.suse.com/1066215"},{"category":"self","summary":"SUSE Bug 1070770","url":"https://bugzilla.suse.com/1070770"},{"category":"self","summary":"SUSE Bug 1070851","url":"https://bugzilla.suse.com/1070851"},{"category":"self","summary":"SUSE Bug 1082318","url":"https://bugzilla.suse.com/1082318"},{"category":"self","summary":"SUSE Bug 1084525","url":"https://bugzilla.suse.com/1084525"},{"category":"self","summary":"SUSE Bug 1088037","url":"https://bugzilla.suse.com/1088037"},{"category":"self","summary":"SUSE Bug 1088705","url":"https://bugzilla.suse.com/1088705"},{"category":"self","summary":"SUSE Bug 1091624","url":"https://bugzilla.suse.com/1091624"},{"category":"self","summary":"SUSE Bug 1092413","url":"https://bugzilla.suse.com/1092413"},{"category":"self","summary":"SUSE Bug 1093103","url":"https://bugzilla.suse.com/1093103"},{"category":"self","summary":"SUSE Bug 1096217","url":"https://bugzilla.suse.com/1096217"},{"category":"self","summary":"SUSE Bug 1096617","url":"https://bugzilla.suse.com/1096617"},{"category":"self","summary":"SUSE Bug 1096803","url":"https://bugzilla.suse.com/1096803"},{"category":"self","summary":"SUSE Bug 1099847","url":"https://bugzilla.suse.com/1099847"},{"category":"self","summary":"SUSE Bug 1100028","url":"https://bugzilla.suse.com/1100028"},{"category":"self","summary":"SUSE Bug 1100095","url":"https://bugzilla.suse.com/1100095"},{"category":"self","summary":"SUSE Bug 1100427","url":"https://bugzilla.suse.com/1100427"},{"category":"self","summary":"SUSE Bug 1101349","url":"https://bugzilla.suse.com/1101349"},{"category":"self","summary":"SUSE Bug 1102019","url":"https://bugzilla.suse.com/1102019"},{"category":"self","summary":"SUSE Bug 1102429","url":"https://bugzilla.suse.com/1102429"},{"category":"self","summary":"SUSE Bug 408814","url":"https://bugzilla.suse.com/408814"},{"category":"self","summary":"SUSE Bug 428822","url":"https://bugzilla.suse.com/428822"},{"category":"self","summary":"SUSE Bug 907538","url":"https://bugzilla.suse.com/907538"},{"category":"self","summary":"SUSE CVE CVE-2017-9269 page","url":"https://www.suse.com/security/cve/CVE-2017-9269/"},{"category":"self","summary":"SUSE CVE CVE-2018-7685 page","url":"https://www.suse.com/security/cve/CVE-2018-7685/"}],"title":"Security update for libzypp, zypper","tracking":{"current_release_date":"2018-09-11T13:50:37Z","generator":{"date":"2018-09-11T13:50:37Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2018:2690-1","initial_release_date":"2018-09-11T13:50:37Z","revision_history":[{"date":"2018-09-11T13:50:37Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"libsolv-devel-0.6.35-3.5.2.aarch64","product":{"name":"libsolv-devel-0.6.35-3.5.2.aarch64","product_id":"libsolv-devel-0.6.35-3.5.2.aarch64"}},{"category":"product_version","name":"libsolv-tools-0.6.35-3.5.2.aarch64","product":{"name":"libsolv-tools-0.6.35-3.5.2.aarch64","product_id":"libsolv-tools-0.6.35-3.5.2.aarch64"}},{"category":"product_version","name":"libzypp-17.6.4-3.10.1.aarch64","product":{"name":"libzypp-17.6.4-3.10.1.aarch64","product_id":"libzypp-17.6.4-3.10.1.aarch64"}},{"category":"product_version","name":"libzypp-devel-17.6.4-3.10.1.aarch64","product":{"name":"libzypp-devel-17.6.4-3.10.1.aarch64","product_id":"libzypp-devel-17.6.4-3.10.1.aarch64"}},{"category":"product_version","name":"python-solv-0.6.35-3.5.2.aarch64","product":{"name":"python-solv-0.6.35-3.5.2.aarch64","product_id":"python-solv-0.6.35-3.5.2.aarch64"}},{"category":"product_version","name":"zypper-1.14.10-3.7.1.aarch64","product":{"name":"zypper-1.14.10-3.7.1.aarch64","product_id":"zypper-1.14.10-3.7.1.aarch64"}},{"category":"product_version","name":"perl-solv-0.6.35-3.5.2.aarch64","product":{"name":"perl-solv-0.6.35-3.5.2.aarch64","product_id":"perl-solv-0.6.35-3.5.2.aarch64"}},{"category":"product_version","name":"python3-solv-0.6.35-3.5.2.aarch64","product":{"name":"python3-solv-0.6.35-3.5.2.aarch64","product_id":"python3-solv-0.6.35-3.5.2.aarch64"}},{"category":"product_version","name":"ruby-solv-0.6.35-3.5.2.aarch64","product":{"name":"ruby-solv-0.6.35-3.5.2.aarch64","product_id":"ruby-solv-0.6.35-3.5.2.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"zypper-log-1.14.10-3.7.1.noarch","product":{"name":"zypper-log-1.14.10-3.7.1.noarch","product_id":"zypper-log-1.14.10-3.7.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"libsolv-devel-0.6.35-3.5.2.ppc64le","product":{"name":"libsolv-devel-0.6.35-3.5.2.ppc64le","product_id":"libsolv-devel-0.6.35-3.5.2.ppc64le"}},{"category":"product_version","name":"libsolv-tools-0.6.35-3.5.2.ppc64le","product":{"name":"libsolv-tools-0.6.35-3.5.2.ppc64le","product_id":"libsolv-tools-0.6.35-3.5.2.ppc64le"}},{"category":"product_version","name":"libzypp-17.6.4-3.10.1.ppc64le","product":{"name":"libzypp-17.6.4-3.10.1.ppc64le","product_id":"libzypp-17.6.4-3.10.1.ppc64le"}},{"category":"product_version","name":"libzypp-devel-17.6.4-3.10.1.ppc64le","product":{"name":"libzypp-devel-17.6.4-3.10.1.ppc64le","product_id":"libzypp-devel-17.6.4-3.10.1.ppc64le"}},{"category":"product_version","name":"python-solv-0.6.35-3.5.2.ppc64le","product":{"name":"python-solv-0.6.35-3.5.2.ppc64le","product_id":"python-solv-0.6.35-3.5.2.ppc64le"}},{"category":"product_version","name":"zypper-1.14.10-3.7.1.ppc64le","product":{"name":"zypper-1.14.10-3.7.1.ppc64le","product_id":"zypper-1.14.10-3.7.1.ppc64le"}},{"category":"product_version","name":"perl-solv-0.6.35-3.5.2.ppc64le","product":{"name":"perl-solv-0.6.35-3.5.2.ppc64le","product_id":"perl-solv-0.6.35-3.5.2.ppc64le"}},{"category":"product_version","name":"python3-solv-0.6.35-3.5.2.ppc64le","product":{"name":"python3-solv-0.6.35-3.5.2.ppc64le","product_id":"python3-solv-0.6.35-3.5.2.ppc64le"}},{"category":"product_version","name":"ruby-solv-0.6.35-3.5.2.ppc64le","product":{"name":"ruby-solv-0.6.35-3.5.2.ppc64le","product_id":"ruby-solv-0.6.35-3.5.2.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"libsolv-devel-0.6.35-3.5.2.s390x","product":{"name":"libsolv-devel-0.6.35-3.5.2.s390x","product_id":"libsolv-devel-0.6.35-3.5.2.s390x"}},{"category":"product_version","name":"libsolv-tools-0.6.35-3.5.2.s390x","product":{"name":"libsolv-tools-0.6.35-3.5.2.s390x","product_id":"libsolv-tools-0.6.35-3.5.2.s390x"}},{"category":"product_version","name":"libzypp-17.6.4-3.10.1.s390x","product":{"name":"libzypp-17.6.4-3.10.1.s390x","product_id":"libzypp-17.6.4-3.10.1.s390x"}},{"category":"product_version","name":"libzypp-devel-17.6.4-3.10.1.s390x","product":{"name":"libzypp-devel-17.6.4-3.10.1.s390x","product_id":"libzypp-devel-17.6.4-3.10.1.s390x"}},{"category":"product_version","name":"python-solv-0.6.35-3.5.2.s390x","product":{"name":"python-solv-0.6.35-3.5.2.s390x","product_id":"python-solv-0.6.35-3.5.2.s390x"}},{"category":"product_version","name":"zypper-1.14.10-3.7.1.s390x","product":{"name":"zypper-1.14.10-3.7.1.s390x","product_id":"zypper-1.14.10-3.7.1.s390x"}},{"category":"product_version","name":"perl-solv-0.6.35-3.5.2.s390x","product":{"name":"perl-solv-0.6.35-3.5.2.s390x","product_id":"perl-solv-0.6.35-3.5.2.s390x"}},{"category":"product_version","name":"python3-solv-0.6.35-3.5.2.s390x","product":{"name":"python3-solv-0.6.35-3.5.2.s390x","product_id":"python3-solv-0.6.35-3.5.2.s390x"}},{"category":"product_version","name":"ruby-solv-0.6.35-3.5.2.s390x","product":{"name":"ruby-solv-0.6.35-3.5.2.s390x","product_id":"ruby-solv-0.6.35-3.5.2.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"libsolv-devel-0.6.35-3.5.2.x86_64","product":{"name":"libsolv-devel-0.6.35-3.5.2.x86_64","product_id":"libsolv-devel-0.6.35-3.5.2.x86_64"}},{"category":"product_version","name":"libsolv-tools-0.6.35-3.5.2.x86_64","product":{"name":"libsolv-tools-0.6.35-3.5.2.x86_64","product_id":"libsolv-tools-0.6.35-3.5.2.x86_64"}},{"category":"product_version","name":"libzypp-17.6.4-3.10.1.x86_64","product":{"name":"libzypp-17.6.4-3.10.1.x86_64","product_id":"libzypp-17.6.4-3.10.1.x86_64"}},{"category":"product_version","name":"libzypp-devel-17.6.4-3.10.1.x86_64","product":{"name":"libzypp-devel-17.6.4-3.10.1.x86_64","product_id":"libzypp-devel-17.6.4-3.10.1.x86_64"}},{"category":"product_version","name":"python-solv-0.6.35-3.5.2.x86_64","product":{"name":"python-solv-0.6.35-3.5.2.x86_64","product_id":"python-solv-0.6.35-3.5.2.x86_64"}},{"category":"product_version","name":"zypper-1.14.10-3.7.1.x86_64","product":{"name":"zypper-1.14.10-3.7.1.x86_64","product_id":"zypper-1.14.10-3.7.1.x86_64"}},{"category":"product_version","name":"perl-solv-0.6.35-3.5.2.x86_64","product":{"name":"perl-solv-0.6.35-3.5.2.x86_64","product_id":"perl-solv-0.6.35-3.5.2.x86_64"}},{"category":"product_version","name":"python3-solv-0.6.35-3.5.2.x86_64","product":{"name":"python3-solv-0.6.35-3.5.2.x86_64","product_id":"python3-solv-0.6.35-3.5.2.x86_64"}},{"category":"product_version","name":"ruby-solv-0.6.35-3.5.2.x86_64","product":{"name":"ruby-solv-0.6.35-3.5.2.x86_64","product_id":"ruby-solv-0.6.35-3.5.2.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Module for Basesystem 15","product":{"name":"SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-basesystem:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Development Tools 15","product":{"name":"SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-development-tools:15"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"libsolv-devel-0.6.35-3.5.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.aarch64"},"product_reference":"libsolv-devel-0.6.35-3.5.2.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libsolv-devel-0.6.35-3.5.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.ppc64le"},"product_reference":"libsolv-devel-0.6.35-3.5.2.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libsolv-devel-0.6.35-3.5.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.s390x"},"product_reference":"libsolv-devel-0.6.35-3.5.2.s390x","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libsolv-devel-0.6.35-3.5.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.x86_64"},"product_reference":"libsolv-devel-0.6.35-3.5.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libsolv-tools-0.6.35-3.5.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.aarch64"},"product_reference":"libsolv-tools-0.6.35-3.5.2.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libsolv-tools-0.6.35-3.5.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.ppc64le"},"product_reference":"libsolv-tools-0.6.35-3.5.2.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libsolv-tools-0.6.35-3.5.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.s390x"},"product_reference":"libsolv-tools-0.6.35-3.5.2.s390x","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libsolv-tools-0.6.35-3.5.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.x86_64"},"product_reference":"libsolv-tools-0.6.35-3.5.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libzypp-17.6.4-3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.aarch64"},"product_reference":"libzypp-17.6.4-3.10.1.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libzypp-17.6.4-3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.ppc64le"},"product_reference":"libzypp-17.6.4-3.10.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libzypp-17.6.4-3.10.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.s390x"},"product_reference":"libzypp-17.6.4-3.10.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libzypp-17.6.4-3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.x86_64"},"product_reference":"libzypp-17.6.4-3.10.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libzypp-devel-17.6.4-3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.aarch64"},"product_reference":"libzypp-devel-17.6.4-3.10.1.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libzypp-devel-17.6.4-3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.ppc64le"},"product_reference":"libzypp-devel-17.6.4-3.10.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libzypp-devel-17.6.4-3.10.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.s390x"},"product_reference":"libzypp-devel-17.6.4-3.10.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"libzypp-devel-17.6.4-3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.x86_64"},"product_reference":"libzypp-devel-17.6.4-3.10.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"python-solv-0.6.35-3.5.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.aarch64"},"product_reference":"python-solv-0.6.35-3.5.2.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"python-solv-0.6.35-3.5.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.ppc64le"},"product_reference":"python-solv-0.6.35-3.5.2.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"python-solv-0.6.35-3.5.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.s390x"},"product_reference":"python-solv-0.6.35-3.5.2.s390x","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"python-solv-0.6.35-3.5.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.x86_64"},"product_reference":"python-solv-0.6.35-3.5.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"zypper-1.14.10-3.7.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.aarch64"},"product_reference":"zypper-1.14.10-3.7.1.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"zypper-1.14.10-3.7.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.ppc64le"},"product_reference":"zypper-1.14.10-3.7.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"zypper-1.14.10-3.7.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.s390x"},"product_reference":"zypper-1.14.10-3.7.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"zypper-1.14.10-3.7.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.x86_64"},"product_reference":"zypper-1.14.10-3.7.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"zypper-log-1.14.10-3.7.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:zypper-log-1.14.10-3.7.1.noarch"},"product_reference":"zypper-log-1.14.10-3.7.1.noarch","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"},{"category":"default_component_of","full_product_name":{"name":"perl-solv-0.6.35-3.5.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.aarch64"},"product_reference":"perl-solv-0.6.35-3.5.2.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15"},{"category":"default_component_of","full_product_name":{"name":"perl-solv-0.6.35-3.5.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.ppc64le"},"product_reference":"perl-solv-0.6.35-3.5.2.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15"},{"category":"default_component_of","full_product_name":{"name":"perl-solv-0.6.35-3.5.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.s390x"},"product_reference":"perl-solv-0.6.35-3.5.2.s390x","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15"},{"category":"default_component_of","full_product_name":{"name":"perl-solv-0.6.35-3.5.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.x86_64"},"product_reference":"perl-solv-0.6.35-3.5.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15"},{"category":"default_component_of","full_product_name":{"name":"python3-solv-0.6.35-3.5.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.aarch64"},"product_reference":"python3-solv-0.6.35-3.5.2.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15"},{"category":"default_component_of","full_product_name":{"name":"python3-solv-0.6.35-3.5.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.ppc64le"},"product_reference":"python3-solv-0.6.35-3.5.2.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15"},{"category":"default_component_of","full_product_name":{"name":"python3-solv-0.6.35-3.5.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.s390x"},"product_reference":"python3-solv-0.6.35-3.5.2.s390x","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15"},{"category":"default_component_of","full_product_name":{"name":"python3-solv-0.6.35-3.5.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.x86_64"},"product_reference":"python3-solv-0.6.35-3.5.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15"},{"category":"default_component_of","full_product_name":{"name":"ruby-solv-0.6.35-3.5.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.aarch64"},"product_reference":"ruby-solv-0.6.35-3.5.2.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15"},{"category":"default_component_of","full_product_name":{"name":"ruby-solv-0.6.35-3.5.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.ppc64le"},"product_reference":"ruby-solv-0.6.35-3.5.2.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15"},{"category":"default_component_of","full_product_name":{"name":"ruby-solv-0.6.35-3.5.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.s390x"},"product_reference":"ruby-solv-0.6.35-3.5.2.s390x","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15"},{"category":"default_component_of","full_product_name":{"name":"ruby-solv-0.6.35-3.5.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.x86_64"},"product_reference":"ruby-solv-0.6.35-3.5.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15"}]},"vulnerabilities":[{"cve":"CVE-2017-9269","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-9269"}],"notes":[{"category":"general","text":"In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:zypper-log-1.14.10-3.7.1.noarch","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-9269","url":"https://www.suse.com/security/cve/CVE-2017-9269"},{"category":"external","summary":"SUSE Bug 1038984 for CVE-2017-9269","url":"https://bugzilla.suse.com/1038984"},{"category":"external","summary":"SUSE Bug 1045735 for CVE-2017-9269","url":"https://bugzilla.suse.com/1045735"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:zypper-log-1.14.10-3.7.1.noarch","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.7,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","version":"3.0"},"products":["SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:zypper-log-1.14.10-3.7.1.noarch","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.x86_64"]}],"threats":[{"category":"impact","date":"2018-09-11T13:50:37Z","details":"moderate"}],"title":"CVE-2017-9269"},{"cve":"CVE-2018-7685","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-7685"}],"notes":[{"category":"general","text":"The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:zypper-log-1.14.10-3.7.1.noarch","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-7685","url":"https://www.suse.com/security/cve/CVE-2018-7685"},{"category":"external","summary":"SUSE Bug 1045735 for CVE-2018-7685","url":"https://bugzilla.suse.com/1045735"},{"category":"external","summary":"SUSE Bug 1088705 for CVE-2018-7685","url":"https://bugzilla.suse.com/1088705"},{"category":"external","summary":"SUSE Bug 1091624 for CVE-2018-7685","url":"https://bugzilla.suse.com/1091624"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:zypper-log-1.14.10-3.7.1.noarch","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:libsolv-devel-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:libsolv-tools-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:libzypp-17.6.4-3.10.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:libzypp-devel-17.6.4-3.10.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Basesystem 15:python-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.aarch64","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.ppc64le","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.s390x","SUSE Linux Enterprise Module for Basesystem 15:zypper-1.14.10-3.7.1.x86_64","SUSE Linux Enterprise Module for Basesystem 15:zypper-log-1.14.10-3.7.1.noarch","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:perl-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:python3-solv-0.6.35-3.5.2.x86_64","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.aarch64","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.ppc64le","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.s390x","SUSE Linux Enterprise Module for Development Tools 15:ruby-solv-0.6.35-3.5.2.x86_64"]}],"threats":[{"category":"impact","date":"2018-09-11T13:50:37Z","details":"important"}],"title":"CVE-2018-7685"}]}