| Release | Version |
|---|---|
| bullseye | 17.25.7-1 |
| bookworm | 17.25.7-2.4 |
| trixie | 17.36.7-1 |
| forky | 17.38.14-1 |
| sid | 17.38.14-1 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2026-44942 | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | A path traversal in handling the "path" component of .repo files proce ... |
| CVE-2026-44941 | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | A relative path traversal in the "keyhint" option in repomd.xml parsin ... |
| CVE-2026-25707 | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | A relative path traversal bug problem when processing repository metad ... |
| Bug | Description |
|---|---|
| CVE-2019-18900 | : Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS ... |
| CVE-2018-7685 | The decoupled download and installation steps in libzypp before 17.5.0 ... |
| CVE-2017-9271 | The commandline package update tool zypper writes HTTP proxy credentia ... |
| CVE-2017-9269 | In libzypp before August 2018 GPG keys attached to YUM repositories we ... |
| CVE-2017-7436 | In libzypp before 20170803 it was possible to retrieve unsigned packag ... |
| CVE-2017-7435 | In libzypp before 20170803 it was possible to add unsigned YUM reposit ... |
| CVE-2013-3704 | The RPM GPG key import and handling feature in libzypp 12.15.0 and ear ... |
| DSA / DLA | Description |
|---|---|
| DLA-2132-1 | libzypp - security update |