18 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-9269
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to...
SUSE CVE-2017-9269
In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content...
SUSE: Security Advisory (SUSE-SU-2018:2690-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2701-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2040-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:2814-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2264-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:2688-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : libzypp / zypper (openSUSE-2019-685)
This update for libzypp, zypper, libsolv provides the following fixes : Security fixes in libzypp : - CVE-2018-7685: PackageProvider: Validate RPMs before caching bsc1091624, bsc1088705 - CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 Changes in libzypp : - Update to...
SUSE SLED15 / SLES15 Security Update : libzypp, zypper (SUSE-SU-2018:2690-1)
This update for libzypp, zypper, libsolv provides the following fixes : Security fixes in libzypp : CVE-2018-7685: PackageProvider: Validate RPMs before caching bsc1091624, bsc1088705 CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 Changes in libzypp: Update to version...
openSUSE: Security Advisory for libzypp (openSUSE-SU-2018:2739-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for libzypp, zypper (important)
This update for libzypp, zypper, libsolv provides the following fixes: Security fixes in libzypp: - CVE-2018-7685: PackageProvider: Validate RPMs before caching bsc1091624, bsc1088705 - CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 Changes in libzypp: - Update to version...
SUSE SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2688-1)
This update for libzypp, zypper fixes the following issues : libzypp security fixes : PackageProvider: Validate delta rpms before caching bsc1091624, bsc1088705, CVE-2018-7685 PackageProvider: Validate downloaded rpm package signatures before caching bsc1091624, bsc1088705, CVE-2018-7685 Be sure...
SUSE SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2555-1)
This update for libzypp, zypper provides the following fixes : libzypp security fixes : CVE-2018-7685: Validate RPMs before caching bsc1091624, bsc1088705 CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix repo gpg check...
CVE-2017-9269
CVE-2017-9269 affects libzypp; before Aug 2018 GPG keys attached to YUM repositories were not properly pinned, allowing malicious mirrors to downgrade to unsigned repos with potentially malicious content. The issue originates from improper key pinning rather than repository signing verification. ...
CVE-2017-9269 lack of keypinning in libzypp could lead to repository switching
In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content...
SUSE SLED12 / SLES12 Security Update : libzypp (SUSE-SU-2017:2264-1)
The Software Update Stack was updated to receive fixes and enhancements. libzypp : - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 - Fix gpg-pubkey release creation time computation. bsc1036659 - Update...
openSUSE: Security Advisory for libzypp (openSUSE-SU-2017:2111-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...