The decoupled download and installation steps in libzypp prior to 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse libzypp |