Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a more-trustworthy key.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
libzypp RPM GPG密钥导入和处理功能安全漏洞
Vulnerability Description
libzypp(又名ZYPP)是美国Novell公司资助的一套开源的可管理引擎、驱动(例如:Linux应用程序YaST、Zypper)的工具。 libzypp 12.15.0及之前的版本中的RPM GPG密钥导入和处理功能中存在安全漏洞,当使用多个密钥块时,库使用不同于密钥签名的密钥指纹加密技术。远程攻击者可利用该漏洞诱使用户相信使用密钥签名的库。
CVSS Information
N/A
Vulnerability Type
N/A