Security update for zypper, libzypp and libsolv SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1927-1 Final 1 1 2019-08-18T08:33:33Z current 2019-08-18T08:33:33Z 2019-08-18T08:33:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for zypper, libzypp and libsolv This update for libzypp and libsolv fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629). - CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630). - CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631). Fixed bugs and enhancements: - make cleandeps jobs on patterns work (bnc#1137977) - Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749). - Virtualization host upgrade from SLES-15 to SLES-15-SP1 finished with wrong product name shown up (bsc#1131823). - Copy pattern categories from the rpm that defines the pattern (fate#323785). - Enhance scanning /sys for modaliases (bsc#1130161). - Prevent SEGV if the application sets an empty TextLocale (bsc#1127026). - Handle libgpgme error when gpg key is not completely read and user hits CTRL + C (bsc#1127220). - Added a hint when registration codes have expired (bsc#965786). - Adds a better handling of an error when verifying any repository medium (bsc#1065022). - Will now only write type field when probing (bsc#1114908). - Fixes an issue where zypper has showed the info message 'Installation aborted by user' while the installation was aborted by wicked (bsc#978193). - Suppresses reporting `/memfd:` pseudo files (bsc#1123843). - Fixes an issue where zypper was not able to install or uninstall packages when rpm is unavailable (bsc#1122471). - Fixes an issue where locks were ignored (bsc#1113296). - Simplify complex locks so zypper can display them (bsc#1112911). - zypper will now set `SYSTEMD_OFFLINE=1` during chrooted commits (bsc#1118758). - no-recommends: Nevertheless consider resolver namespaces (hardware, language,..supporting packages) (fate#325513). - Removes world-readable bit from /var/log/zypp (bsc#1099019). - Does no longer fail service-refresh on a empty repoindex.xml (bsc#1116840). - Fixes soname due to libsolv ABI changes (bsc#1115341). - Add infrastructure to flag specific packages to trigger a reboot needed hint (fate#326451). This update for zypper 1.14.27 fixes the following issues: - bash-completion: add package completion for addlock (bsc#1047962) - bash-completion: fix incorrect detection of command names (bsc#1049826) - Offer to change the 'runSearchPackages' config option at the prompt (bsc#1119373, FATE#325599) - Prompt: provide a 'yes/no/always/never' prompt. - Prompt: support '#NUM' as answer to select the NUMth option... - Augeas: enable writing back changed option values (to ~/.zypper.conf) - removelocale: fix segfault - Move needs-restarting command to subpackage (fixes #254) - Allow empty string as argument (bsc#1125415) - Provide a way to delete cache for volatile repositories (bsc#1053177) - Adapt to boost-1.69 requiring explicit casts tribool->bool (fixes #255) - Show support status in info if not unknown (bsc#764147) - Fix installing plain rpm files with `zypper in` (bsc#1124897) - Show only required info in the summary in quiet mode (bsc#993025) - Stay with legacy behavior and return ZYPPER_EXIT_INF_REBOOT_NEEDED only for patches. We don't extend this return code to packages, although they may also carry the 'reboot-needed' attribute. The preferred way to test whether the system needs to be rebooted is `zypper needs-rebooting`. (openSUSE/zypper#237) - Skip repository on error (bsc#1123967) - New commands for locale management: locales addlocale removelocale Inspect and manipulate the systems `requested locales`, aka. the languages software packages should try support by installing translations, dictionaries and tools, as far as they are available. - Don't throw, just warn if options are repeated (bsc#1123865) - Fix detection whether stdout is a tty (happened too late) - Fix broken --plus-content switch (fixes bsc#1123681) - Fix broken --replacefiles switch (fixes bsc#1123137) - Extend zypper source-install (fixes bsc#663358) - Fix inconsistent results for search (bsc#1119873) - Show reboot hint in zypper ps and summary (fixes bsc#1120263) - Improve handling of partially locked packages (bsc#1113296) - Fix wrong default values in help text (bsc#1121611) - Fixed broken argument parsing for --reposd-dir (bsc#1122062) - Fix wrong zypp::indeterminate use (bsc#1120463) - CLI parser: fix broken initialization enforcing 'select by name' (bsc#1119820) - zypper.conf: [commit] autoAgreeWithLicenses {=false} (fixes #220) - locks: Fix printing of versioned locks (bsc#1112911) - locks: create and write versioned locks correctly (bsc#1112911) - patch: --with update may implicitly assume --with-optional (bsc#1102261) - no-recommends: Nevertheless consider resolver namespaces (hardware, language,..supporting packages) (FATE#325513) - Optionally run 'zypper search-packages' after 'search' (FATE#325599) - zypper.conf: Add [search]runSearchPackages config variable. - Don't iterate twice on --no-cd (bsc#1111319) - zypper-log: Make it Python 3 compatible - man: mention /etc/zypp/needreboot config file (fate#326451, fixes #140) - Add `needs-restarting` shell script and manpage (fate#326451) - Add zypper needs-rebooting command (fate#326451) - Introduce new zypper command framefork. Migrated commands so far: addlock addrepo addservice clean cleanlocks modifyrepo modifyservice ps refresh refresh-services removelock removerepo removeservice renamerepo repos services - MediaChangeReport: fix https URLs causing 2 prompts on error (bsc#1110542) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1927 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html E-Mail link for openSUSE-SU-2019:1927-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1047962 SUSE Bug 1047962 https://bugzilla.suse.com/1049826 SUSE Bug 1049826 https://bugzilla.suse.com/1053177 SUSE Bug 1053177 https://bugzilla.suse.com/1065022 SUSE Bug 1065022 https://bugzilla.suse.com/1099019 SUSE Bug 1099019 https://bugzilla.suse.com/1102261 SUSE Bug 1102261 https://bugzilla.suse.com/1110542 SUSE Bug 1110542 https://bugzilla.suse.com/1111319 SUSE Bug 1111319 https://bugzilla.suse.com/1112911 SUSE Bug 1112911 https://bugzilla.suse.com/1113296 SUSE Bug 1113296 https://bugzilla.suse.com/1114908 SUSE Bug 1114908 https://bugzilla.suse.com/1115341 SUSE Bug 1115341 https://bugzilla.suse.com/1116840 SUSE Bug 1116840 https://bugzilla.suse.com/1118758 SUSE Bug 1118758 https://bugzilla.suse.com/1119373 SUSE Bug 1119373 https://bugzilla.suse.com/1119820 SUSE Bug 1119820 https://bugzilla.suse.com/1119873 SUSE Bug 1119873 https://bugzilla.suse.com/1120263 SUSE Bug 1120263 https://bugzilla.suse.com/1120463 SUSE Bug 1120463 https://bugzilla.suse.com/1120629 SUSE Bug 1120629 https://bugzilla.suse.com/1120630 SUSE Bug 1120630 https://bugzilla.suse.com/1120631 SUSE Bug 1120631 https://bugzilla.suse.com/1121611 SUSE Bug 1121611 https://bugzilla.suse.com/1122062 SUSE Bug 1122062 https://bugzilla.suse.com/1122471 SUSE Bug 1122471 https://bugzilla.suse.com/1123137 SUSE Bug 1123137 https://bugzilla.suse.com/1123681 SUSE Bug 1123681 https://bugzilla.suse.com/1123843 SUSE Bug 1123843 https://bugzilla.suse.com/1123865 SUSE Bug 1123865 https://bugzilla.suse.com/1123967 SUSE Bug 1123967 https://bugzilla.suse.com/1124897 SUSE Bug 1124897 https://bugzilla.suse.com/1125415 SUSE Bug 1125415 https://bugzilla.suse.com/1127026 SUSE Bug 1127026 https://bugzilla.suse.com/1127155 SUSE Bug 1127155 https://bugzilla.suse.com/1127220 SUSE Bug 1127220 https://bugzilla.suse.com/1130161 SUSE Bug 1130161 https://bugzilla.suse.com/1131823 SUSE Bug 1131823 https://bugzilla.suse.com/1135749 SUSE Bug 1135749 https://bugzilla.suse.com/1137977 SUSE Bug 1137977 https://bugzilla.suse.com/663358 SUSE Bug 663358 https://bugzilla.suse.com/764147 SUSE Bug 764147 https://bugzilla.suse.com/965786 SUSE Bug 965786 https://bugzilla.suse.com/978193 SUSE Bug 978193 https://bugzilla.suse.com/993025 SUSE Bug 993025 https://www.suse.com/security/cve/CVE-2018-20532/ SUSE CVE CVE-2018-20532 page https://www.suse.com/security/cve/CVE-2018-20533/ SUSE CVE CVE-2018-20533 page https://www.suse.com/security/cve/CVE-2018-20534/ SUSE CVE CVE-2018-20534 page openSUSE Leap 15.0 PackageKit-1.1.10-lp150.11.1 PackageKit-backend-zypp-1.1.10-lp150.11.1 PackageKit-branding-upstream-1.1.10-lp150.11.1 PackageKit-devel-1.1.10-lp150.11.1 PackageKit-gstreamer-plugin-1.1.10-lp150.11.1 PackageKit-gtk3-module-1.1.10-lp150.11.1 PackageKit-lang-1.1.10-lp150.11.1 libpackagekit-glib2-18-1.1.10-lp150.11.1 libpackagekit-glib2-18-32bit-1.1.10-lp150.11.1 libpackagekit-glib2-devel-1.1.10-lp150.11.1 libpackagekit-glib2-devel-32bit-1.1.10-lp150.11.1 libsolv-demo-0.7.5-lp150.7.1 libsolv-devel-0.7.5-lp150.7.1 libsolv-tools-0.7.5-lp150.7.1 libyui-ncurses-pkg-devel-2.48.5.2-lp150.7.1 libyui-ncurses-pkg8-2.48.5.2-lp150.7.1 libyui-qt-pkg-devel-2.45.15.2-lp150.7.1 libyui-qt-pkg8-2.45.15.2-lp150.7.1 libzypp-17.12.0-lp150.2.13.1 libzypp-devel-17.12.0-lp150.2.13.1 libzypp-devel-doc-17.12.0-lp150.2.13.1 perl-solv-0.7.5-lp150.7.1 python-solv-0.7.5-lp150.7.1 python3-solv-0.7.5-lp150.7.1 ruby-solv-0.7.5-lp150.7.1 typelib-1_0-PackageKitGlib-1_0-1.1.10-lp150.11.1 yast2-pkg-bindings-4.0.13-lp150.2.13.1 zypper-1.14.28-lp150.2.13.1 zypper-aptitude-1.14.28-lp150.2.13.1 zypper-log-1.14.28-lp150.2.13.1 zypper-needs-restarting-1.14.28-lp150.2.13.1 PackageKit-1.1.10-lp150.11.1 as a component of openSUSE Leap 15.0 PackageKit-backend-zypp-1.1.10-lp150.11.1 as a component of openSUSE Leap 15.0 PackageKit-branding-upstream-1.1.10-lp150.11.1 as a component of openSUSE Leap 15.0 PackageKit-devel-1.1.10-lp150.11.1 as a component of openSUSE Leap 15.0 PackageKit-gstreamer-plugin-1.1.10-lp150.11.1 as a component of openSUSE Leap 15.0 PackageKit-gtk3-module-1.1.10-lp150.11.1 as a component of openSUSE Leap 15.0 PackageKit-lang-1.1.10-lp150.11.1 as a component of openSUSE Leap 15.0 libpackagekit-glib2-18-1.1.10-lp150.11.1 as a component of openSUSE Leap 15.0 libpackagekit-glib2-18-32bit-1.1.10-lp150.11.1 as a component of openSUSE Leap 15.0 libpackagekit-glib2-devel-1.1.10-lp150.11.1 as a component of openSUSE Leap 15.0 libpackagekit-glib2-devel-32bit-1.1.10-lp150.11.1 as a component of openSUSE Leap 15.0 libsolv-demo-0.7.5-lp150.7.1 as a component of openSUSE Leap 15.0 libsolv-devel-0.7.5-lp150.7.1 as a component of openSUSE Leap 15.0 libsolv-tools-0.7.5-lp150.7.1 as a component of openSUSE Leap 15.0 libyui-ncurses-pkg-devel-2.48.5.2-lp150.7.1 as a component of openSUSE Leap 15.0 libyui-ncurses-pkg8-2.48.5.2-lp150.7.1 as a component of openSUSE Leap 15.0 libyui-qt-pkg-devel-2.45.15.2-lp150.7.1 as a component of openSUSE Leap 15.0 libyui-qt-pkg8-2.45.15.2-lp150.7.1 as a component of openSUSE Leap 15.0 libzypp-17.12.0-lp150.2.13.1 as a component of openSUSE Leap 15.0 libzypp-devel-17.12.0-lp150.2.13.1 as a component of openSUSE Leap 15.0 libzypp-devel-doc-17.12.0-lp150.2.13.1 as a component of openSUSE Leap 15.0 perl-solv-0.7.5-lp150.7.1 as a component of openSUSE Leap 15.0 python-solv-0.7.5-lp150.7.1 as a component of openSUSE Leap 15.0 python3-solv-0.7.5-lp150.7.1 as a component of openSUSE Leap 15.0 ruby-solv-0.7.5-lp150.7.1 as a component of openSUSE Leap 15.0 typelib-1_0-PackageKitGlib-1_0-1.1.10-lp150.11.1 as a component of openSUSE Leap 15.0 yast2-pkg-bindings-4.0.13-lp150.2.13.1 as a component of openSUSE Leap 15.0 zypper-1.14.28-lp150.2.13.1 as a component of openSUSE Leap 15.0 zypper-aptitude-1.14.28-lp150.2.13.1 as a component of openSUSE Leap 15.0 zypper-log-1.14.28-lp150.2.13.1 as a component of openSUSE Leap 15.0 zypper-needs-restarting-1.14.28-lp150.2.13.1 as a component of openSUSE Leap 15.0 There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. CVE-2018-20532 openSUSE Leap 15.0:PackageKit-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-backend-zypp-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-branding-upstream-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-devel-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-gstreamer-plugin-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-gtk3-module-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-lang-1.1.10-lp150.11.1 openSUSE Leap 15.0:libpackagekit-glib2-18-1.1.10-lp150.11.1 openSUSE Leap 15.0:libpackagekit-glib2-18-32bit-1.1.10-lp150.11.1 openSUSE Leap 15.0:libpackagekit-glib2-devel-1.1.10-lp150.11.1 openSUSE Leap 15.0:libpackagekit-glib2-devel-32bit-1.1.10-lp150.11.1 openSUSE Leap 15.0:libsolv-demo-0.7.5-lp150.7.1 openSUSE Leap 15.0:libsolv-devel-0.7.5-lp150.7.1 openSUSE Leap 15.0:libsolv-tools-0.7.5-lp150.7.1 openSUSE Leap 15.0:libyui-ncurses-pkg-devel-2.48.5.2-lp150.7.1 openSUSE Leap 15.0:libyui-ncurses-pkg8-2.48.5.2-lp150.7.1 openSUSE Leap 15.0:libyui-qt-pkg-devel-2.45.15.2-lp150.7.1 openSUSE Leap 15.0:libyui-qt-pkg8-2.45.15.2-lp150.7.1 openSUSE Leap 15.0:libzypp-17.12.0-lp150.2.13.1 openSUSE Leap 15.0:libzypp-devel-17.12.0-lp150.2.13.1 openSUSE Leap 15.0:libzypp-devel-doc-17.12.0-lp150.2.13.1 openSUSE Leap 15.0:perl-solv-0.7.5-lp150.7.1 openSUSE Leap 15.0:python-solv-0.7.5-lp150.7.1 openSUSE Leap 15.0:python3-solv-0.7.5-lp150.7.1 openSUSE Leap 15.0:ruby-solv-0.7.5-lp150.7.1 openSUSE Leap 15.0:typelib-1_0-PackageKitGlib-1_0-1.1.10-lp150.11.1 openSUSE Leap 15.0:yast2-pkg-bindings-4.0.13-lp150.2.13.1 openSUSE Leap 15.0:zypper-1.14.28-lp150.2.13.1 openSUSE Leap 15.0:zypper-aptitude-1.14.28-lp150.2.13.1 openSUSE Leap 15.0:zypper-log-1.14.28-lp150.2.13.1 openSUSE Leap 15.0:zypper-needs-restarting-1.14.28-lp150.2.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html https://www.suse.com/security/cve/CVE-2018-20532.html CVE-2018-20532 https://bugzilla.suse.com/1120629 SUSE Bug 1120629 There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. CVE-2018-20533 openSUSE Leap 15.0:PackageKit-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-backend-zypp-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-branding-upstream-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-devel-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-gstreamer-plugin-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-gtk3-module-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-lang-1.1.10-lp150.11.1 openSUSE Leap 15.0:libpackagekit-glib2-18-1.1.10-lp150.11.1 openSUSE Leap 15.0:libpackagekit-glib2-18-32bit-1.1.10-lp150.11.1 openSUSE Leap 15.0:libpackagekit-glib2-devel-1.1.10-lp150.11.1 openSUSE Leap 15.0:libpackagekit-glib2-devel-32bit-1.1.10-lp150.11.1 openSUSE Leap 15.0:libsolv-demo-0.7.5-lp150.7.1 openSUSE Leap 15.0:libsolv-devel-0.7.5-lp150.7.1 openSUSE Leap 15.0:libsolv-tools-0.7.5-lp150.7.1 openSUSE Leap 15.0:libyui-ncurses-pkg-devel-2.48.5.2-lp150.7.1 openSUSE Leap 15.0:libyui-ncurses-pkg8-2.48.5.2-lp150.7.1 openSUSE Leap 15.0:libyui-qt-pkg-devel-2.45.15.2-lp150.7.1 openSUSE Leap 15.0:libyui-qt-pkg8-2.45.15.2-lp150.7.1 openSUSE Leap 15.0:libzypp-17.12.0-lp150.2.13.1 openSUSE Leap 15.0:libzypp-devel-17.12.0-lp150.2.13.1 openSUSE Leap 15.0:libzypp-devel-doc-17.12.0-lp150.2.13.1 openSUSE Leap 15.0:perl-solv-0.7.5-lp150.7.1 openSUSE Leap 15.0:python-solv-0.7.5-lp150.7.1 openSUSE Leap 15.0:python3-solv-0.7.5-lp150.7.1 openSUSE Leap 15.0:ruby-solv-0.7.5-lp150.7.1 openSUSE Leap 15.0:typelib-1_0-PackageKitGlib-1_0-1.1.10-lp150.11.1 openSUSE Leap 15.0:yast2-pkg-bindings-4.0.13-lp150.2.13.1 openSUSE Leap 15.0:zypper-1.14.28-lp150.2.13.1 openSUSE Leap 15.0:zypper-aptitude-1.14.28-lp150.2.13.1 openSUSE Leap 15.0:zypper-log-1.14.28-lp150.2.13.1 openSUSE Leap 15.0:zypper-needs-restarting-1.14.28-lp150.2.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html https://www.suse.com/security/cve/CVE-2018-20533.html CVE-2018-20533 https://bugzilla.suse.com/1120630 SUSE Bug 1120630 ** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application. CVE-2018-20534 openSUSE Leap 15.0:PackageKit-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-backend-zypp-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-branding-upstream-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-devel-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-gstreamer-plugin-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-gtk3-module-1.1.10-lp150.11.1 openSUSE Leap 15.0:PackageKit-lang-1.1.10-lp150.11.1 openSUSE Leap 15.0:libpackagekit-glib2-18-1.1.10-lp150.11.1 openSUSE Leap 15.0:libpackagekit-glib2-18-32bit-1.1.10-lp150.11.1 openSUSE Leap 15.0:libpackagekit-glib2-devel-1.1.10-lp150.11.1 openSUSE Leap 15.0:libpackagekit-glib2-devel-32bit-1.1.10-lp150.11.1 openSUSE Leap 15.0:libsolv-demo-0.7.5-lp150.7.1 openSUSE Leap 15.0:libsolv-devel-0.7.5-lp150.7.1 openSUSE Leap 15.0:libsolv-tools-0.7.5-lp150.7.1 openSUSE Leap 15.0:libyui-ncurses-pkg-devel-2.48.5.2-lp150.7.1 openSUSE Leap 15.0:libyui-ncurses-pkg8-2.48.5.2-lp150.7.1 openSUSE Leap 15.0:libyui-qt-pkg-devel-2.45.15.2-lp150.7.1 openSUSE Leap 15.0:libyui-qt-pkg8-2.45.15.2-lp150.7.1 openSUSE Leap 15.0:libzypp-17.12.0-lp150.2.13.1 openSUSE Leap 15.0:libzypp-devel-17.12.0-lp150.2.13.1 openSUSE Leap 15.0:libzypp-devel-doc-17.12.0-lp150.2.13.1 openSUSE Leap 15.0:perl-solv-0.7.5-lp150.7.1 openSUSE Leap 15.0:python-solv-0.7.5-lp150.7.1 openSUSE Leap 15.0:python3-solv-0.7.5-lp150.7.1 openSUSE Leap 15.0:ruby-solv-0.7.5-lp150.7.1 openSUSE Leap 15.0:typelib-1_0-PackageKitGlib-1_0-1.1.10-lp150.11.1 openSUSE Leap 15.0:yast2-pkg-bindings-4.0.13-lp150.2.13.1 openSUSE Leap 15.0:zypper-1.14.28-lp150.2.13.1 openSUSE Leap 15.0:zypper-aptitude-1.14.28-lp150.2.13.1 openSUSE Leap 15.0:zypper-log-1.14.28-lp150.2.13.1 openSUSE Leap 15.0:zypper-needs-restarting-1.14.28-lp150.2.13.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html https://www.suse.com/security/cve/CVE-2018-20534.html CVE-2018-20534 https://bugzilla.suse.com/1120631 SUSE Bug 1120631