Name of the Vulnerable Software and Affected Versions libsolv versions prior to 0.7.22 libzypp versions prior to 17.30.0 zypper versions prior to 1.14.52

Description The issue is related to a security relevant fix that hardens package signature checks. This fix ensures that both the header and payload of a package are secured by a valid signature, providing more detailed reporting on which signature is missing if the check fails. The updates for libsolv, libzypp, and zypper also include various other fixes and enhancements, such as reworked choice rule generation, support for strict repository priorities, and fixes for potential hangs and segfaults.

Recommendations Update libsolv to version 0.7.22 or later. Update libzypp to version 17.30.0 or later. Update zypper to version 1.14.52 or later.