Source: libzypp Version: 17.7.0-1 Severity: important Tags: security upstream Forwarded: https://github.com/openSUSE/libzypp/pull/196
Hi, The following vulnerability was published for libzypp. CVE-2019-18900[0]: | : Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS | Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise | Server 15 allowed local attackers to read a cookie store used by | libzypp, exposing private cookies. This issue affects: SUSE CaaS | Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux | Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE | Linux Enterprise Server 15 17.19.0-3.34.1. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-18900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18900 [1] https://github.com/openSUSE/libzypp/pull/196 [2] https://bugzilla.suse.com/show_bug.cgi?id=1158763 [3] https://github.com/openSUSE/libzypp/commit/ea50981352bb5c7ab48663edaeb2df1ddd66953e https://github.com/openSUSE/libzypp/commit/508b1201f23b44ee90dee6dbbeb3ac5f8bd4c089 Regards, Salvatore
