Name of the Vulnerable Software and Affected Versions libsolv versions prior to 0.7.22 libzypp versions prior to 17.30.0 zypper versions prior to 1.14.52

Description The issue is related to a security relevant fix that hardens package signature checks. This fix ensures that both the header and payload of a package are secured by a valid signature, providing more detailed reporting on which signature is missing. The updates for libsolv, libzypp, and zypper also include various other fixes and improvements, such as reworked choice rule generation, support for strict repository priorities, and fixes for potential hangs and segfaults.

Recommendations For libsolv versions prior to 0.7.22, update to version 0.7.22 or later. For libzypp versions prior to 17.30.0, update to version 17.30.0 or later. For zypper versions prior to 1.14.52, update to version 1.14.52 or later.