This update for libsolv, libzypp, zypper fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable . Bug fixes - Fixed removing orphaned packages dropped by to-be-installed products . - Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules . - Do not enforce "en" being in RequestedLocales If the user decides to have a system without explicit language support he may do so . - Load only target resolvables for zypper rm . - Fix broken search by filelist . - Replace python by a bash script in zypper-log . - Do not sort out requested locales which are not available . - Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element . - XML add patch issue-date and issue-list . - Fix zypper lp --cve/bugzilla/issue options . - Always execute commit when adding/removing locales . - Fix description of --table-style,-s in man page .