CVE-2013-3704

Name of the Vulnerable Software and Affected Versions libzypp versions 12.15.0 and earlier

Description The issue affects the RPM GPG key import and handling feature, potentially allowing remote attackers to deceive users into trusting a repository signed by a less trustworthy key. This is possible when multiple key blobs are used, and the feature reports a different key fingerprint than the one actually used for signing the repository.

Recommendations For libzypp versions 12.15.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.