CVE-2017-9269
CVE-2017-9269 affects libzypp; before Aug 2018 GPG keys attached to YUM repositories were not properly pinned, allowing malicious mirrors to downgrade to unsigned repos with potentially malicious content. The issue originates from improper key pinning rather than repository signing verification. ...