CVE-2017-9269

Summary

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.

Affected Software

VendorProductVersion RangeStatus
SUSElibzyppunspecified < 201808affected

Weaknesses

  • Malicious mirrors could downgrade repositories from trusted signed repositories to unsigned malicious repositories.
  • CWE-757: CWE-757

ADP Enrichment

CVE Program Container

Additional References

References