Bugzilla – Bug 1120630
VUL-1: CVE-2018-20533: libsolv: NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a
Last modified: 2021-06-02 14:45:52 UTC
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20533

SUSE-SU-2019:1972-1: An update that solves three vulnerabilities and has 9 fixes is now available.
Category: security (moderate)
Bug References: 1109893,1110542,1111319,1112911,1113296,1120629,1120630,1120631,1127155,1131823,1134226,1137977
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
SUSE OpenStack Cloud 8 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4
SUSE Linux Enterprise Server for SAP 12-SP3 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE Linux Enterprise Server 12-SP5 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE Linux Enterprise Server 12-SP4 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE Linux Enterprise Server 12-SP3-LTSS (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE Linux Enterprise Desktop 12-SP5 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE Linux Enterprise Desktop 12-SP4 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE Enterprise Storage 5 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE CaaS Platform 3.0 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2030-1: An update that solves three vulnerabilities and has 41 fixes is now available.
Category: security (moderate)
Bug References: 1047962,1049826,1053177,1065022,1099019,1102261,1110542,1111319,1112911,1113296,1114908,1115341,1116840,1118758,1119373,1119820,1119873,1120263,1120463,1120629,1120630,1120631,1121611,1122062,1122471,1123137,1123681,1123843,1123865,1123967,1124897,1125415,1127026,1127155,1127220,1130161,1131823,1135749,1137977,663358,764147,965786,978193,993025
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src): PackageKit-1.1.10-4.10.4
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): libsolv-0.7.5-3.12.2, libyui-ncurses-pkg-2.48.5.2-3.5.2, libyui-qt-pkg-2.45.15.2-3.5.3, libzypp-17.12.0-3.23.6, zypper-1.14.28-3.18.6
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): PackageKit-1.1.10-4.10.4, libsolv-0.7.5-3.12.2, libzypp-17.12.0-3.23.6, yast2-pkg-bindings-devel-doc-4.0.13-3.7.2, zypper-1.14.28-3.18.6
SUSE Linux Enterprise Module for Development Tools 15 (src): libsolv-0.7.5-3.12.2
SUSE Linux Enterprise Module for Desktop Applications 15 (src): PackageKit-1.1.10-4.10.4, libyui-qt-pkg-2.45.15.2-3.5.3
SUSE Linux Enterprise Module for Basesystem 15 (src): libsolv-0.7.5-3.12.2, libyui-ncurses-pkg-2.48.5.2-3.5.2, libyui-ncurses-pkg-doc-2.48.5.2-3.5.3, libyui-qt-pkg-2.45.15.2-3.5.3, libyui-qt-pkg-doc-2.45.15.2-3.5.3, libzypp-17.12.0-3.23.6, yast2-pkg-bindings-4.0.13-3.7.2, zypper-1.14.28-3.18.6
SUSE Linux Enterprise Installer 15 (src): libsolv-0.7.5-3.12.2, libyui-ncurses-pkg-2.48.5.2-3.5.2, libyui-qt-pkg-2.45.15.2-3.5.3, libzypp-17.12.0-3.23.6, yast2-pkg-bindings-4.0.13-3.7.2, zypper-1.14.28-3.18.6
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2019:1927-1: An update that solves three vulnerabilities and has 41 fixes is now available.
Category: security (moderate)
Bug References: 1047962,1049826,1053177,1065022,1099019,1102261,1110542,1111319,1112911,1113296,1114908,1115341,1116840,1118758,1119373,1119820,1119873,1120263,1120463,1120629,1120630,1120631,1121611,1122062,1122471,1123137,1123681,1123843,1123865,1123967,1124897,1125415,1127026,1127155,1127220,1130161,1131823,1135749,1137977,663358,764147,965786,978193,993025
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
openSUSE Leap 15.0 (src): PackageKit-1.1.10-lp150.11.1, libsolv-0.7.5-lp150.7.1, libyui-ncurses-pkg-2.48.5.2-lp150.7.1, libyui-qt-pkg-2.45.15.2-lp150.7.1, libzypp-17.12.0-lp150.2.13.1, yast2-pkg-bindings-4.0.13-lp150.2.13.1, zypper-1.14.28-lp150.2.13.1

SUSE-SU-2019:2265-1: An update that solves three vulnerabilities and has 13 fixes is now available.
Category: security (moderate)
Bug References: 1049825,1109893,1110542,1111319,1112911,1113296,1116995,1120629,1120630,1120631,1127155,1131823,1134226,1137977,1140039,1145521
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE OpenStack Cloud 8 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE OpenStack Cloud 7 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Server for SAP 12-SP3 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Server for SAP 12-SP2 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Server 12-SP4 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Server 12-SP3-LTSS (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Server 12-SP3-BCL (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Server 12-SP2-LTSS (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Server 12-SP2-BCL (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Desktop 12-SP4 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Enterprise Storage 5 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Enterprise Storage 4 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE CaaS Platform 3.0 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
HPE Helion Openstack 8 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-RU-2019:2742-1: An update that solves three vulnerabilities and has 18 fixes is now available.
Category: recommended (important)
Bug References: 1049825,1116995,1120629,1120630,1120631,1127155,1127608,1130306,1131113,1131823,1134226,1135749,1137977,1139795,1140039,1145521,1146027,1146415,1146947,1153557,859480
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src): PackageKit-1.1.10-12.3.5
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src): libsolv-0.7.6-3.7.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): PackageKit-1.1.10-12.3.5, libsolv-0.7.6-3.7.2, libzypp-17.15.0-3.9.1, yast2-pkg-bindings-devel-doc-4.1.2-3.3.5, zypper-1.14.30-3.7.2
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src): libsolv-0.7.6-3.7.2
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src): PackageKit-1.1.10-12.3.5, libyui-qt-pkg-2.45.27-3.3.5
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): libsolv-0.7.6-3.7.2, libyui-ncurses-pkg-2.48.9-7.3.5, libyui-ncurses-pkg-doc-2.48.9-7.3.3, libyui-qt-pkg-2.45.27-3.3.5, libyui-qt-pkg-doc-2.45.27-3.3.3, libzypp-17.15.0-3.9.1, yast2-pkg-bindings-4.1.2-3.3.5, zypper-1.14.30-3.7.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-RU-2019:2391-1: An update that solves three vulnerabilities and has 18 fixes is now available.
Category: recommended (important)
Bug References: 1049825,1116995,1120629,1120630,1120631,1127155,1127608,1130306,1131113,1131823,1134226,1135749,1137977,1139795,1140039,1145521,1146027,1146415,1146947,1153557,859480
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
openSUSE Leap 15.1 (src): PackageKit-1.1.10-lp151.8.6.1, libsolv-0.7.6-lp151.2.3.2, libyui-ncurses-pkg-2.48.9-lp151.2.3.1, libyui-ncurses-pkg-doc-2.48.9-lp151.2.3.1, libyui-qt-pkg-2.45.27-lp151.2.3.1, libyui-qt-pkg-doc-2.45.27-lp151.2.3.1, libzypp-17.15.0-lp151.2.3.2, yast2-pkg-bindings-4.1.2-lp151.2.3.1, yast2-pkg-bindings-devel-doc-4.1.2-lp151.2.3.1, zypper-1.14.30-lp151.2.3.1

SUSE-SU-2020:2660-1: An update that solves three vulnerabilities and has three fixes is now available.
Category: security (moderate)
Bug References: 1120629,1120630,1120631,1127155,1131823,1137977
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): libsolv-0.6.36-2.30.1
SUSE OpenStack Cloud Crowbar 8 (src): libsolv-0.6.36-2.30.1
SUSE OpenStack Cloud 9 (src): libsolv-0.6.36-2.30.1
SUSE OpenStack Cloud 8 (src): libsolv-0.6.36-2.30.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): libsolv-0.6.36-2.30.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): libsolv-0.6.36-2.30.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src): libsolv-0.6.36-2.30.1
SUSE Linux Enterprise Server 12-SP5 (src): libsolv-0.6.36-2.30.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): libsolv-0.6.36-2.30.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src): libsolv-0.6.36-2.30.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): libsolv-0.6.36-2.30.1
SUSE Enterprise Storage 5 (src): libsolv-0.6.36-2.30.1
HPE Helion Openstack 8 (src): libsolv-0.6.36-2.30.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Released.