zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse zypper 11.0 |
||
opensuse zypper 10.2 |
||
opensuse zypper 10.3 |