Critical SUSE Linux update for libzypp & zypper patches 9 security flaws and bugs affecting package management, repository handling, and RPM transactions. Essential for SES 7.1, SLE 15 SP3, MicroOS & Rancher users. Includes patch commands & package list.
Rating: Important
Are you managing a SUSE Linux Enterprise environment? A crucial update has been released for libzypp and zypper, the core engine and command-line interface powering SUSE's renowned package management system.
This important patch addresses nine documented issues, ranging from security enhancements and bug fixes to critical compatibility updates for modern RPM versions.
For system administrators relying on SUSE Linux Enterprise Server, MicroOS, Enterprise Storage, or High-Performance Computing environments, applying this update is essential for maintaining system integrity, security, and reliable software deployment.
Maintaining robust package management security is not optional; it's a fundamental pillar of enterprise IT infrastructure.
This update directly impacts how your systems handle software repositories, execute transactions, and interact with RPM, making it a high-priority installation for all affected products.
What’s Fixed in This Update? Key Issues and Technical Details
This patch (SUSE-RU-2025:02953-1) delivers comprehensive fixes designed to bolster the reliability and security of your software management lifecycle. Let's break down the most significant changes that impact system administrators and developers.
Enhanced Security and Proxy Handling (bsc#1247690): The update fixes the evaluation of libproxy results, ensuring your system correctly handles proxy configurations for repository access. For advanced debugging, verbose logging of these results is now available if the PX_DEBUG=1 environment variable is set.
Improved Repository Management and Mirroring: A critical fix appends the RepoInfo::path() to mirror URLs in the Preloader (bsc#1247054), resolving potential issues with repository synchronization. Furthermore, the update now allows an explicit request to probe an added repository's URL (bsc#1246466), giving admins more control over repository verification.
RPM Transaction and Compatibility Workarounds: The update introduces a workaround for a known issue where rpm -vv could leave scriptlets in /var/tmp (bsc#1218459). It also adds a runtime check for a broken --runposttrans function in rpm-4.18.0 (bsc#1246149), preventing potential transaction failures.
Modernized Package Obsoletes Logic (bsc#1243486): This is a critical change for developers and package maintainers. Newer RPM versions forbid colons (:) in package names. The update, requiring libsolv-devel >= 0.7.34, enables the use of Provides: product-obsoletes(oldproductname) < oldproductversion instead of the obsolete Obsoletes: product:oldproductname syntax for handling product renames, ensuring future compatibility.
Usability and Command Aliases: The zypper command-line tool now accepts "show" as an alias for the "info" command (bsc#1245985), streamlining workflow for users familiar with other package managers.
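For the product-obsoletes change (bsc#1243486), package maintainers can scan their spec files for the colon form before a newer RPM rejects it. The script below is an added example, not code from SUSE or the bulletin; the function names and the sample spec are hypothetical, and it assumes an existing version bound can be carried over unchanged.

```sh
#!/bin/sh
# Added example: find colon-style product obsoletes in spec text and print the
# replacement Provides line. The spec below is constructed sample input.

sample_spec() {
  cat <<'EOF'
Name:           newproduct-release
Version:        2.0
Obsoletes:      product:oldproduct < 2.0
Obsoletes:      product:legacyproduct
Obsoletes:      unrelated-package
EOF
}

# Reads spec text on stdin and prints one finding per affected line.
# Assumption: an existing version bound is carried over unchanged; an entry
# without one is flagged for review, since the new form is written with a bound.
suggest_product_obsoletes() {
  awk '
    /^[ \t]*Obsoletes:[ \t]*product:/ {
      rest = $0
      sub(/^[ \t]*Obsoletes:[ \t]*product:/, "", rest)
      n = split(rest, f, /[ \t]+/)
      if (n >= 3 && f[2] ~ /^(<|<=|=|>=|>)$/) {
        printf "line %d: Provides: product-obsoletes(%s) %s %s\n", NR, f[1], f[2], f[3]
      } else {
        printf "line %d: REVIEW product:%s has no version bound\n", NR, f[1]
      }
    }'
}

# Run against the constructed sample; replace with: suggest_product_obsoletes < your.spec
sample_spec | suggest_product_obsoletes
```

Ordinary package obsoletes without the product: prefix are left alone, so the output lists only the lines that need editing.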
Affected SUSE Linux Products and Distributions
This update is not for a single product but impacts a wide range of SUSE's enterprise and edge platforms. If you are running any of the following versions, you should plan to apply this patch:
SUSE Linux Enterprise Server 15 SP3 (and LTSS)
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP3 (and LTSS)
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro for Rancher 5.2
This broad scope underscores the centrality of libzypp and zypper within the SUSE ecosystem, affecting everything from large-scale SAP deployments to lightweight container hosts.
Step-by-Step: How to Apply This Patch
Applying this update is straightforward using SUSE's standard tools. The recommended method is to use YaST online_update or the zypper patch command for automated patch management.
For those who need to install the specific patch package, use the following zypper commands tailored to your product:
For SUSE Linux Enterprise Server 15 SP3:
zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2025-2953=1
For SUSE Linux Enterprise High Performance Computing 15 SP3 LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2953=1
For SUSE Enterprise Storage 7.1:
zypper in -t patch SUSE-Storage-7.1-2025-2953=1
For SUSE Linux Enterprise Micro 5.2 / Micro for Rancher 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2953=1
(Commands for all other affected products are available in the original bulletin.)
Always remember to reboot or restart affected services if necessary after applying system-level updates.
Complete Package List and Version Information
The update upgrades key packages to new versions. The core packages included are:
libzypp-17.37.16-150200.171.1
zypper-1.14.93-150200.123.2
Depending on your product and architecture (aarch64, ppc64le, s390x, x86_64, noarch), associated debuginfo, debugsource, and devel packages are also updated. For a precise list of every package version for your specific installation, please refer to the official SUSE maintenance web portal.
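After patching, it is worth confirming that each host actually carries at least the builds listed above. The following script is an added example, not part of the SUSE bulletin; the function names are hypothetical, and the comparison is a simplified one that assumes purely numeric version fields with no epoch.

```sh
#!/bin/sh
# Added example: confirm a host carries at least the package builds listed above.
# Simplified comparison: numeric fields separated by '.' or '-' only (no epoch,
# no alphabetic segments), which covers the two version strings on this page.

FIXED_LIBZYPP="17.37.16-150200.171.1"
FIXED_ZYPPER="1.14.93-150200.123.2"

# evr_at_least INSTALLED FIXED -> returns 0 if INSTALLED >= FIXED, else 1
evr_at_least() {
  a=$(printf '%s' "$1" | tr '.-' '  ')
  b=$(printf '%s' "$2" | tr '.-' '  ')
  set -- $a                      # installed fields become $1, $2, ...
  for want in $b; do
    have=${1:-0}                 # a missing field counts as 0
    [ $# -gt 0 ] && shift
    [ "$have" -gt "$want" ] && return 0
    [ "$have" -lt "$want" ] && return 1
  done
  return 0                       # every compared field was equal
}

# check_pkg NAME FIXED: query the local RPM database and report the result
check_pkg() {
  installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$1") || {
    echo "$1: not installed"; return 2; }
  if evr_at_least "$installed" "$2"; then
    echo "$1 $installed: OK"
  else
    echo "$1 $installed: older than $2"; return 1
  fi
}

# Only query when rpm is present, so the script is harmless elsewhere.
if command -v rpm >/dev/null 2>&1; then
  check_pkg libzypp "$FIXED_LIBZYPP" || true
  check_pkg zypper "$FIXED_ZYPPER" || true
fi
```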
Frequently Asked Questions (FAQ)
Q: How urgent is this update?
A: With an "important" rating, this update should be applied in a timely manner, ideally during your next scheduled maintenance window. It addresses functional bugs and compatibility issues that could affect system security and stability.
Q: Will this update require a system reboot?
A: Since it updates core system libraries and the package manager itself, a reboot is highly recommended to ensure all running processes use the updated libraries. The zypper-needs-restarting package can help you identify which services need to be restarted.
Q: What is the impact of the libsolv and RPM change?
A: This primarily affects package maintainers and developers. If you build or maintain RPM packages for SUSE that use the old Obsoletes: syntax with a colon, you will need to update your package specs to the new Provides: product-obsoletes() syntax to ensure compatibility with future RPM versions.
Q: Where can I find more details on each bug fix?
A: Each bug fix references a ticket in SUSE's Bugzilla (e.g., bsc#1247690). You can view detailed technical discussions and the history of each issue by visiting https://bugzilla.suse.com/show_bug.cgi?id=[NUMBER].
Conclusion: Proactive system management is the cornerstone of a secure and efficient IT operation.
This update for libzypp and zypper reinforces the foundation of your SUSE Linux deployment, addressing critical vulnerabilities and enhancing functionality. Apply this update today to ensure your systems remain stable, secure, and compatible with future software requirements.
