First published: Thu Mar 01 2018
In libzypp before 20170803, it was possible to add unsigned YUM repositories without any warning to the user, which could allow a man-in-the-middle or a malicious server to inject malicious RPM packages into a user's system.
Credit: meissner@suse.de
Affected Software | Affected Version | How to fix |
---|---|---|
Opensuse Libzypp | <=16.15.2 | |
CVE-2017-7435 is a vulnerability in libzypp that allowed the addition of unsigned YUM repositories without warning, potentially allowing man-in-the-middle attacks or injection of malicious RPM packages.
CVE-2017-7435 affects Opensuse Libzypp versions up to and including 16.15.2.
CVE-2017-7435 has a severity rating of 8.1 (Critical).
To fix CVE-2017-7435, update libzypp to a version after 20170803.
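Updating addresses the missing warning, but a repository definition that turns signature checking off still accepts unsigned content. The following audit is an added example, not code from the advisory or from libzypp: it parses `.repo` definitions (the INI files under `/etc/zypp/repos.d/`) and reports enabled repositories with a signature check disabled or a plaintext transport. The sample repositories are constructed, and treating a missing `enabled` key as enabled is an assumption made to keep the audit conservative.

```python
import configparser

TRUE = {"1", "true", "yes", "on"}

# Constructed sample input (not from the advisory): three repo definitions
# in the .repo INI format read from /etc/zypp/repos.d/.
SAMPLE = """\
[vendor-oss]
enabled=1
baseurl=https://download.example.org/oss/
gpgcheck=1

[internal-tools]
enabled=1
baseurl=http://mirror.example.net/tools/
gpgcheck=0

[old-disabled]
enabled=0
baseurl=http://mirror.example.net/old/
gpgcheck=0
"""

def audit_repos(text):
    """Return {alias: [findings]} for enabled repos with weak settings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    report = {}
    for alias in cp.sections():
        repo = cp[alias]
        # Assumption: a repo without an explicit 'enabled' key is audited.
        if repo.get("enabled", "1").strip().lower() not in TRUE:
            continue
        findings = []
        for key in ("gpgcheck", "repo_gpgcheck", "pkg_gpgcheck"):
            val = repo.get(key)
            if val is not None and val.strip().lower() not in TRUE:
                findings.append(f"{key} disabled")
        urls = repo.get("baseurl", "").split()
        if any(u.lower().startswith(("http://", "ftp://")) for u in urls):
            findings.append("plaintext transport")
        if findings:
            report[alias] = findings
    return report

if __name__ == "__main__":
    import glob, pathlib
    paths = glob.glob("/etc/zypp/repos.d/*.repo")
    for t in [pathlib.Path(p).read_text() for p in paths] or [SAMPLE]:
        for alias, findings in audit_repos(t).items():
            print(alias, "->", ", ".join(findings))
```

Run on a host without `/etc/zypp/repos.d/`, the script falls back to the constructed sample and reports only `internal-tools`.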