CVE-2017-7436

Summary

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.

Affected Software

VendorProductVersion RangeStatus
SUSElibzyppunspecified < 20170803affected

Weaknesses

  • Missing UI interaction when using unsigned packages could lead to use of malicious packages.

ADP Enrichment

CVE Program Container

Additional References

References