PT-2022-37441 · Libxml2+2
Published: 2022-04-07 · Updated: 2022-04-07
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
libsolv versions prior to 0.6.39
libzypp versions prior to 16.22.4
Description
The issue concerns memory leaks in SWIG-generated code and misparsing of '&' in attributes with libxml2. The update also fixes split provides not working when the update includes a forbidden vendor change, and resolves segfaults during conflict resolution when using the bindings. Problem reporting has been improved by no longer replacing noarch problem rules with arch-dependent ones, and the pool vendor2mask implementation has been fixed and simplified. Package signature checks have also been improved: they ensure that both header and payload are secured by a valid signature, and they provide more detailed reports on missing signatures.
Recommendations
For libsolv versions prior to 0.6.39, update to version 0.6.39 to fix memory leaks and misparsing issues.
For libzypp versions prior to 16.22.4, update to version 16.22.4 to fix package signature checks and improve problem reporting.
Affected Products
Libsolv
Libxml2
Libzypp