rpm package
suse/libzypp&distro=SUSE Enterprise Storage 4
pkg:rpm/suse/libzypp&distro=SUSE%20Enterprise%20Storage%204
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-20534 | — | < 16.20.2-27.60.4 | 16.20.2-27.60.4 | Dec 28, 2018 | There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real- | ||
| CVE-2018-20533 | — | < 16.20.2-27.60.4 | 16.20.2-27.60.4 | Dec 28, 2018 | There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. | ||
| CVE-2018-20532 | — | < 16.20.2-27.60.4 | 16.20.2-27.60.4 | Dec 28, 2018 | There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. | ||
| CVE-2018-7685 | — | < 16.17.20-27.52.1 | 16.17.20-27.52.1 | Aug 31, 2018 | The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during downlo | ||
| CVE-2017-9269 | — | < 16.17.20-27.52.1 | 16.17.20-27.52.1 | Mar 1, 2018 | In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content. |
- CVE-2018-20534Dec 28, 2018affected < 16.20.2-27.60.4fixed 16.20.2-27.60.4
There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-
- CVE-2018-20533Dec 28, 2018affected < 16.20.2-27.60.4fixed 16.20.2-27.60.4
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
- CVE-2018-20532Dec 28, 2018affected < 16.20.2-27.60.4fixed 16.20.2-27.60.4
There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
- CVE-2018-7685Aug 31, 2018affected < 16.17.20-27.52.1fixed 16.17.20-27.52.1
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during downlo
- CVE-2017-9269Mar 1, 2018affected < 16.17.20-27.52.1fixed 16.17.20-27.52.1
In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.