In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.
References
Link | Resource |
---|---|
https://www.suse.com/de-de/security/cve/CVE-2017-7435/ | Vendor Advisory |
https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00002.html | Vendor Advisory |
https://bugzilla.suse.com/show_bug.cgi?id=1009127 | Issue Tracking Third Party Advisory |
Configurations
Information
Published : 2018-03-01 12:29
Updated : 2019-10-09 16:29
NVD link : CVE-2017-7435
Mitre link : CVE-2017-7435
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
opensuse
- libzypp