SUSE-SU-2021:2145-1

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2019-20387 CVE-2021-3200

Published: 23 Jun 2021, 14:51

Last modified:04 Feb 2026, 04:13

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

23 Jun 2021, 14:51

Published

Vulnerability first disclosed

04 Feb 2026, 04:13

Last Modified

Vulnerability information updated

Description

Security update for libsolv This update for libsolv fixes the following issues: Security issues fixed: - CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510) - CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229) Other issues fixed: - backport support for blacklisted packages to support ptf packages and retracted patches - fix ruleinfo of complex dependencies returning the wrong origin - fix SOLVER_FLAG_FOCUS_BEST updateing packages without reason - fix add_complex_recommends() selecting conflicted packages in rare cases - fix potential segfault in resolve_jobrules - fix solv_zchunk decoding error if large chunks are used

Affected Systems

suse•libsolv&distro=SUSE Linux Enterprise Server 12 SP2-BCL
< 0.6.37-2.27.24.1
suse•libzypp&distro=SUSE Linux Enterprise Server 12 SP2-BCL
< 16.21.4-27.75.1

SUSE-SU-2021:2145-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)