rpm package

suse/libzypp&distro=SUSE Linux Enterprise Server 12 SP4-LTSS

pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-3200	—	< 16.21.4-2.51.1	16.21.4-2.51.1	May 18, 2021	Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool pool, FILE fp, const char testcase, Queue job, char *resultp, int resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service
CVE-2019-18900	—	< 16.21.2-2.45.1	16.21.2-2.45.1	Jan 24, 2020	: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.
CVE-2019-20387	—	< 16.21.4-2.51.1	16.21.4-2.51.1	Jan 21, 2020	repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.

CVE-2021-3200May 18, 2021
affected < 16.21.4-2.51.1fixed 16.21.4-2.51.1
Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service
CVE-2019-18900Jan 24, 2020
affected < 16.21.2-2.45.1fixed 16.21.2-2.45.1
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.
CVE-2019-20387Jan 21, 2020
affected < 16.21.4-2.51.1fixed 16.21.4-2.51.1
repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.