rpm package
opensuse/zypper&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/zypper&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9269 | — | | | < 1.14.49-1.2 | 1.14.49-1.2 | Mar 1, 2018 | In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content. |
| CVE-2017-7436 | — | | | < 1.14.49-1.2 | 1.14.49-1.2 | Mar 1, 2018 | In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a user's system. |