Описание
In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | DNE | |
| cosmic | not-affected | 17.6.1-1 |
| devel | not-affected | 17.6.1-1 |
| disco | not-affected | 17.6.1-1 |
| eoan | not-affected | 17.6.1-1 |
| esm-apps/focal | not-affected | 17.6.1-1 |
| esm-apps/jammy | not-affected | 17.6.1-1 |
| esm-apps/noble | not-affected | 17.6.1-1 |
| esm-apps/xenial | needed |
Показывать по
Ссылки на источники
7.5 High
CVSS2
7.7 High
CVSS3
Связанные уязвимости
In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.
In libzypp before August 2018 GPG keys attached to YUM repositories we ...
In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.
7.5 High
CVSS2
7.7 High
CVSS3