rpm package
suse/zypper&distro=SUSE Linux Enterprise Desktop 12 SP3
pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-7685 | — | < 1.13.45-21.21.2 | 1.13.45-21.21.2 | Aug 31, 2018 | The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during downlo | ||
| CVE-2017-9269 | — | < 1.13.45-21.21.2 | 1.13.45-21.21.2 | Mar 1, 2018 | In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content. | ||
| CVE-2017-7436 | — | < 1.13.32-21.3.2 | 1.13.32-21.3.2 | Mar 1, 2018 | In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system. |
- CVE-2018-7685Aug 31, 2018affected < 1.13.45-21.21.2fixed 1.13.45-21.21.2
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during downlo
- CVE-2017-9269Mar 1, 2018affected < 1.13.45-21.21.2fixed 1.13.45-21.21.2
In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.
- CVE-2017-7436Mar 1, 2018affected < 1.13.32-21.3.2fixed 1.13.32-21.3.2
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.