The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libzypp | Opensuse | * | 17.5.0 (excluding) |
Libzypp | Ubuntu | esm-apps/xenial | * |
Libzypp | Ubuntu | upstream | * |
Libzypp | Ubuntu | xenial | * |