Source: libsolv Version: 0.7.37-1 Severity: important Tags: security upstream Forwarded: https://github.com/openSUSE/libsolv/pull/617 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for libsolv. CVE-2026-9149[0]: | A flaw was found in libsolv. This heap buffer overflow vulnerability | occurs when a victim processes a specially crafted `.solv` file | containing negative size values in the `repo_add_solv` function. | This leads to an undersized memory allocation and a subsequent out- | of-bounds write. An attacker could exploit this to cause a denial of | service (DoS). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-9149 https://www.cve.org/CVERecord?id=CVE-2026-9149 [1] https://bugzilla.redhat.com/show_bug.cgi?id=2460380 [2] https://github.com/openSUSE/libsolv/pull/617 [3] https://github.com/openSUSE/libsolv/commit/210386037c892a720972ad35a3d8f7073b4d763b Please adjust the affected versions in the BTS as needed. Regards, Salvatore
