Synopsis: Low: libsolv security and bug fix update
Advisory ID:       SLSA-2019:2290-1
Issue Date:        2019-08-06
CVE Numbers:       CVE-2018-20534
                   CVE-2018-20532
                   CVE-2018-20533
--

Security Fix(es):

* libsolv: NULL pointer dereference in function testcase_read
(CVE-2018-20532)

* libsolv: NULL pointer dereference in function testcase_str2dep_complex
(CVE-2018-20533)

* libsolv: illegal address access in pool_whatprovides in src/pool.h
(CVE-2018-20534)
--

SL7
  x86_64
    libsolv-0.6.34-4.el7.x86_64.rpm
    libsolv-0.6.34-4.el7.i686.rpm
    libsolv-devel-0.6.34-4.el7.i686.rpm
    libsolv-tools-0.6.34-4.el7.x86_64.rpm
    libsolv-demo-0.6.34-4.el7.x86_64.rpm
    python2-solv-0.6.34-4.el7.x86_64.rpm
    libsolv-devel-0.6.34-4.el7.x86_64.rpm
    libsolv-tools-0.6.34-4.el7.i686.rpm
    libsolv-debuginfo-0.6.34-4.el7.i686.rpm
    libsolv-debuginfo-0.6.34-4.el7.x86_64.rpm

- Scientific Linux Development Team