CVE-2012-0420

Name of the Vulnerable Software and Affected Versions SUSE Zypper versions prior to 1.3.20 SUSE Zypper versions 1.6.x prior to 1.6.166

Description The issue allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP LOCKFILE ROOT environment variable.

Recommendations For SUSE Zypper versions prior to 1.3.20, update to version 1.3.20 or later. For SUSE Zypper versions 1.6.x prior to 1.6.166, update to version 1.6.166 or later.