{"schema_version":"1.7.2","id":"OESA-2022-1569","modified":"2022-03-12T11:03:37Z","published":"2022-03-12T11:03:37Z","upstream":["CVE-2021-44568","CVE-2021-44571","CVE-2021-44577","CVE-2021-44573","CVE-2021-44574","CVE-2021-44576","CVE-2021-44569","CVE-2021-44575"],"summary":"libsolv security update","details":"A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks:\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nTwo heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 \u0026amp; line 1995), which could cause a remote Denial of Service.(CVE-2021-44568)\r\n\r\nA heap overflow vulnerability exisfts in openSUSE libsolv through 13 Dec 2020 in the prefer_suggested function at src/policy.c: line 442.(CVE-2021-44571)\r\n\r\nTwo heap-overflow vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 bugs in the propagate function at src/solver.c: line 490 and 524.(CVE-2021-44577)\r\n\r\nTwo heap overflow vulnerabilities exist in oenSUSE libsolv through 13 Dec 2020 in the resolve_installed function at src/solver.c: line 1728 \u0026amp; 1766.(CVE-2021-44573)\r\n\r\nA heap-overflow vulnerability exists in openSUSE libsolv through 13 Dec 2020 in the resolve_jobrules function at src/solver.c at line 1599.(CVE-2021-44574)\r\n\r\nTwo memory vulnerabilities exists in openSUSE libsolv through 13 Dec 2020 in the resolve_weak function at src/solver.c: line 2222 and 2249.(CVE-2021-44576)\r\n\r\nA heap-buffer openSUSE libsolv through 13 Dec 2020 exists in the solver_solve function at src/solver.c: line 3445.(CVE-2021-44569)\r\n\r\nTwo heap-overflow vulnerabilities exists in openSUSE libsolv through 13 Dec 2020 in the makeruledecisions function at src/solver.c: line 147 and 307.(CVE-2021-44575)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"libsolv","purl":"pkg:rpm/openEuler/libsolv\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7.14-5.oe1"}]}],"ecosystem_specific":{"aarch64":["libsolv-debuginfo-0.7.14-5.oe1.aarch64.rpm","libsolv-0.7.14-5.oe1.aarch64.rpm","libsolv-debugsource-0.7.14-5.oe1.aarch64.rpm","ruby-solv-0.7.14-5.oe1.aarch64.rpm","python3-solv-0.7.14-5.oe1.aarch64.rpm","perl-solv-0.7.14-5.oe1.aarch64.rpm","libsolv-devel-0.7.14-5.oe1.aarch64.rpm"],"noarch":["libsolv-help-0.7.14-5.oe1.noarch.rpm"],"src":["libsolv-0.7.14-5.oe1.src.rpm"],"x86_64":["libsolv-0.7.14-5.oe1.x86_64.rpm","libsolv-debugsource-0.7.14-5.oe1.x86_64.rpm","libsolv-devel-0.7.14-5.oe1.x86_64.rpm","libsolv-debuginfo-0.7.14-5.oe1.x86_64.rpm","perl-solv-0.7.14-5.oe1.x86_64.rpm","ruby-solv-0.7.14-5.oe1.x86_64.rpm","python3-solv-0.7.14-5.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"libsolv","purl":"pkg:rpm/openEuler/libsolv\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7.14-6.oe1"}]}],"ecosystem_specific":{"aarch64":["ruby-solv-0.7.14-6.oe1.aarch64.rpm","libsolv-debugsource-0.7.14-6.oe1.aarch64.rpm","python3-solv-0.7.14-6.oe1.aarch64.rpm","libsolv-debuginfo-0.7.14-6.oe1.aarch64.rpm","libsolv-0.7.14-6.oe1.aarch64.rpm","libsolv-devel-0.7.14-6.oe1.aarch64.rpm","perl-solv-0.7.14-6.oe1.aarch64.rpm"],"noarch":["libsolv-help-0.7.14-6.oe1.noarch.rpm"],"src":["libsolv-0.7.14-6.oe1.src.rpm"],"x86_64":["libsolv-devel-0.7.14-6.oe1.x86_64.rpm","ruby-solv-0.7.14-6.oe1.x86_64.rpm","libsolv-debuginfo-0.7.14-6.oe1.x86_64.rpm","python3-solv-0.7.14-6.oe1.x86_64.rpm","libsolv-debugsource-0.7.14-6.oe1.x86_64.rpm","libsolv-0.7.14-6.oe1.x86_64.rpm","perl-solv-0.7.14-6.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"libsolv","purl":"pkg:rpm/openEuler/libsolv\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7.14-6.oe1"}]}],"ecosystem_specific":{"aarch64":["perl-solv-0.7.14-6.oe1.aarch64.rpm","libsolv-debuginfo-0.7.14-6.oe1.aarch64.rpm","ruby-solv-0.7.14-6.oe1.aarch64.rpm","libsolv-debugsource-0.7.14-6.oe1.aarch64.rpm","python3-solv-0.7.14-6.oe1.aarch64.rpm","libsolv-devel-0.7.14-6.oe1.aarch64.rpm","libsolv-0.7.14-6.oe1.aarch64.rpm"],"noarch":["libsolv-help-0.7.14-6.oe1.noarch.rpm"],"src":["libsolv-0.7.14-6.oe1.src.rpm"],"x86_64":["libsolv-debugsource-0.7.14-6.oe1.x86_64.rpm","libsolv-0.7.14-6.oe1.x86_64.rpm","libsolv-devel-0.7.14-6.oe1.x86_64.rpm","perl-solv-0.7.14-6.oe1.x86_64.rpm","libsolv-debuginfo-0.7.14-6.oe1.x86_64.rpm","python3-solv-0.7.14-6.oe1.x86_64.rpm","ruby-solv-0.7.14-6.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1569"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44568"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44571"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44577"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44573"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44574"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44576"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44569"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44575"}],"database_specific":{"severity":"High"}}