CVE-2017-7435

Summary

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.

Affected Software

VendorProductVersion RangeStatus
SUSElibzyppunspecified < 20170803affected

Weaknesses

  • Missing UI interaction when adding untrusted repositories could lead to use of unsigned package repositories.

ADP Enrichment

CVE Program Container

Additional References

References