[SECURITY] [DLA 2132-1] libzypp security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2132-1] libzypp security update
From: "Chris Lamb" <lamby@debian.org>
Date: Tue, 03 Mar 2020 18:33:51 -0800
Message-id: <[🔎] 11b64a5d-dd39-4d8c-b514-46d07322a7b1@sloti26t01>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libzypp
Version        : 14.29.1-2+deb8u1
CVE ID         : CVE-2019-18900

It was discovered that there was an issue where incorrect default
permissions on a HTTP cookie store could have allowed local attackers
to read private credentials.

For Debian 8 "Jessie", this issue has been fixed in libzypp version
14.29.1-2+deb8u1.

We recommend that you upgrade your libzypp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl5fEtAACgkQHpU+J9Qx
HlhAdg//ffRCqY9gZ3XHXt8JGp+NiL1Ostl9rse/vqmlfBshlJngbXE/ocCJai4X
T2n33u3/8FWlYpJJI0mKygP+Bxt4v0SyrBFEaBavlLWJmmHpgfsggPGOdSBA9vW2
tEqrCFToaTRSE57Y8mao418kMIP6DLHNCSobRSN0UinA/uuC4DGwnIF+y0OMLM1M
gGthC3G5jlGryUwehWDIFR+NIcfVQk3yTcTiz9p8snzDZZlyoLQSdL42J0cuoea/
dySWbRrJHGbww2W+qQdGMhRvo9fgyl+kDZyCUcyeD0g84rX+ez+hipSWp9jrqeA3
flTWdNwgwmRdnUiWpCehSVl/6GR6UI9DfiQGVUwMzIxxfRq3pW870oHPeo42lKHm
UEmx5q+8yFZzHYHgJokf9duEcx6bh6ARSwfOkkQCGwtYdhea0rGGS97rGZGLHSzA
x570cZV3R00ho9XCWiknYD7sFjIFzR9IW6cN1kxfMKZHqn6xhXBHBOeE1Pne6DMz
8vNOk6fmAL1AWu3aeCfVNtAdPcuXr2Z9I7FuRBjZSiK2t8kETzP2ur54iWVbWG4l
0mVafpoJzDX4JSza904YoBOO/i3p2QSryWy2nSgiUwlta69aQZBWxR29OKmZ3Yhl
tgnOQWfB7JYMTItlbV3egZesikHVq3bn/DB6/Y8/AbS3YFUvV9A=
=8WNc
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2117-1] zsh security update
Next by Date: [SECURITY] [DLA 2133-1] tomcat7 security update
Previous by thread: [SECURITY] [DLA 2117-1] zsh security update
Next by thread: [SECURITY] [DLA 2133-1] tomcat7 security update
Index(es):
- Date
- Thread