In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: microfocus
Published: 2018-03-01T19:00:00Z
Updated: 2024-09-16T19:09:24.691Z
Reserved: 2017-04-05T00:00:00
Link: CVE-2017-7436
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-03-01T20:29:00.693
Modified: 2024-11-21T03:31:53.840
Link: CVE-2017-7436
Redhat
No data.