CVE-2017-7435
8.1
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SUSE | libzypp | unspecified < 20170803 | affected |
Weaknesses
- Missing UI interaction when adding untrusted repositories could lead to use of unsigned package repositories.
ADP Enrichment
CVE Program Container
Additional References
- https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00002.html
- https://www.suse.com/de-de/security/cve/CVE-2017-7435/
- https://bugzilla.suse.com/show_bug.cgi?id=1009127
References
- https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00002.html
- https://www.suse.com/de-de/security/cve/CVE-2017-7435/
- https://bugzilla.suse.com/show_bug.cgi?id=1009127
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.