CVE Vulnerabilities

CVE-2013-3704

Published: Oct 28, 2013 | Modified: Oct 29, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a more-trustworthy key.

Affected Software

Name Vendor Start Version End Version
Libzypp Novell 11.2 11.2
Libzypp Novell 12.2 12.2
Libzypp Novell * 12.15.0
Libzypp Novell 12.1 12.1
Libzypp Novell 11.4 11.4
Libzypp Novell 11.3 11.3
Libzypp Novell 12.3 12.3

References