漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
libzypp does not reevaluate malicious rpms once downloaded
Vulnerability Description
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.
CVSS Information
N/A
Vulnerability Type
不恰当实现的标准安全检查
Vulnerability Title
libzypp 安全漏洞
Vulnerability Description
libzypp(又名ZYPP)是美国Novell公司资助的一套开源的可管理引擎、驱动(例如:Linux应用程序YaST、Zypper)的工具。 libzypp 17.5.0之前版本中存在安全漏洞,该漏洞源于程序只会在下载过程中弹出恶意警告。攻击者可借助解耦下载和安装步骤利用该漏洞将受损的RPM存储在缓存中,并且使其进行安装。
CVSS Information
N/A
Vulnerability Type
N/A