In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: microfocus
Published: 2017-08-03T00:00:00
Updated: 2021-01-06T16:15:43
Reserved: 2017-04-05T00:00:00
Link: CVE-2017-7436
JSON object: View
NVD Information
Status : Modified
Published: 2018-03-01T20:29:00.693
Modified: 2023-11-07T02:50:08.590
Link: CVE-2017-7436
JSON object: View
Redhat Information
No data.
CWE