4 matches found
CVE-2013-3704
The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a...
openSUSE Security Update : libzypp (openSUSE-SU-2013:1432-1)
libzypp was adjusted to enhance the RPM GPG key import/handling to avoid a problem with multiple key blobs. Attackers able to supplying a repository could let the packagemanager show another keys fingerprint while a second one was actually used to sign the repository CVE-2013-3704. %NASLMINLEVEL...
openSUSE Security Update : libzypp (openSUSE-SU-2013:1433-1)
libzypp was adjusted to enhance the RPM GPG key import/handling to avoid a problem with multiple key blobs. Attackers able to supplying a repository could let the packagemanager show another keys fingerprint while a second one was actually used to sign the repository CVE-2013-3704. %NASLMINLEVEL...
CVE-2013-3704
CVE-2013-3704 affects the RPM GPG key import/handling in libzypp up to version 12.15.0. When multiple key blobs are used, the signature fingerprint presented to users could differ from the repository’s actual signing key, potentially enabling an attacker to mislead users into trusting a signed re...