PT-2022-37442 · Libsolv+2

Published 2022-04-08 · Updated 2022-04-08

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

libsolv versions prior to 0.7.22
libzypp versions prior to 17.30.0
zypper versions prior to 1.14.52

Description

The issue is related to a security-relevant fix that hardens package signature checks. The fix ensures that both the header and the payload of a package are secured by a valid signature, and it reports missing signatures in more detail. The update also includes various other fixes and improvements for libsolv, libzypp, and zypper, such as reworked choice rule generation, support for strict repository priorities, and fixes for potential hangs and segfaults.

Recommendations

Update libsolv to version 0.7.22 or later.
Update libzypp to version 17.30.0 or later.
Update zypper to version 1.14.52 or later.
As a temporary workaround, consider disabling the package signature check until a patch is available, but this is not recommended as it may reduce the security of the system.
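
A version check against the fixed releases listed above, as an added example that is not part of the advisory or of the SUSE tooling. The function names, the rpm package name `libsolv-tools` and the sample input are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example. The minimum fixed versions are the ones this advisory lists;
# function names and sample data are illustrative.

# Succeed when version $1 >= version $2, using GNU sort -V ordering
# (adequate for plain dotted numeric versions such as these).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Map a package name to the first fixed version named in the advisory.
fixed_version() {
    case "$1" in
        libsolv*) echo "0.7.22" ;;
        libzypp*) echo "17.30.0" ;;
        zypper*)  echo "1.14.52" ;;
        *)        return 1 ;;
    esac
}

# Classify one name/version pair: prints FIXED, VULNERABLE or UNKNOWN.
classify() {
    local min
    min=$(fixed_version "$1") || { echo "UNKNOWN"; return; }
    if version_ge "$2" "$min"; then echo "FIXED"; else echo "VULNERABLE"; fi
}

# Read "name version" lines on stdin and report each one.
# Returns 1 if any listed package predates its fixed version.
audit() {
    local name ver status rc=0
    while read -r name ver; do
        [ -n "$name" ] || continue
        status=$(classify "$name" "$ver")
        printf '%-16s %-10s %s\n' "$name" "$ver" "$status"
        if [ "$status" = "VULNERABLE" ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample input (not from a real host). On a live system, assuming
# these rpm package names, feed the function with:
#   rpm -q --qf '%{NAME} %{VERSION}\n' libsolv-tools libzypp zypper | audit
SAMPLE='libsolv-tools 0.7.19
libzypp 17.30.0
zypper 1.14.51'

printf '%s\n' "$SAMPLE" | audit || echo "at least one package predates the fixed version"
```

Distribution builds can carry backported fixes under an older upstream version number, so a VULNERABLE result should be confirmed against the vendor advisory (SUSE-SU-2022:1130-1 for this entry).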

Related Identifiers

SUSE-SU-2022:1130-1

Affected Products

Libsolv
Libzypp
Zypper