In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2018-03-01T19:00:00Z

Updated: 2024-09-16T19:09:24.691Z

Reserved: 2017-04-05T00:00:00

Link: CVE-2017-7436

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-03-01T20:29:00.693

Modified: 2024-11-21T03:31:53.840

Link: CVE-2017-7436

cve-icon Redhat

No data.