Update to libzypp-17.6.2 and zypper-1.14.8 to fix a vulnerability in which a malicious mirror could send infinite amounts of data to Zypper and it will consume it without validating how large the download should be.

How to install

sudo dnf upgrade --advisory=FEDORA-2018-13f9b69e5c

This update has been submitted for testing by ngompa.

2 years ago

ngompa edited this update.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon lobocode commented & provided feedback 2 years ago
karma

works

This update has been submitted for batched by bodhi.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
1
Stable by Time
disabled
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1552594 libzypp-17.6.2 is available
0
0
BZ#1555114 zypper-1.14.8 is available
0
0
BZ#1615232 libzypp: Download of files with infinite size from a malicious mirror
0
0
BZ#1615233 libzypp: Download of files with infinite size from a malicious mirror [fedora-all]
0
0

Automated Test Results