Unsigned Package Retrieval Vulnerability in libzypp

Unsigned Package Retrieval Vulnerability in libzypp

CVE-2017-7436 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.

Learn more about our Cis Benchmark Audit For Server Software.