Unsigned Package Retrieval Vulnerability in libzypp
CVE-2017-7436 · HIGH Severity
AV:N/AC:M/AU:N/C:C/I:C/A:C
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.
Learn more about our Cis Benchmark Audit For Server Software.