PT-2018-18210 · Opensuse+1 · Libzypp+1

Johannes Segitz

Publicado

2018-08-30

Atualizado

2024-06-15

CVE-2018-7685

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libzypp versions prior to 17.5.0

Description The issue is related to the decoupled download and installation steps in libzypp, which could lead to a corrupted RPM being left in the cache. If a later call is made, it would not display the corrupted RPM warning, allowing the installation to proceed. This problem is caused by malicious warnings that are only displayed during the download process.

Recommendations For versions prior to 17.5.0, update to version 17.5.0 or later to resolve the issue.

Correção

Improperly Implemented Security Check for Standard

Improper Verification of Cryptographic Signature

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-358CWE-347

Identificadores relacionados

CVE-2018-7685

OPENSUSE-SU-2018_2739-1

OPENSUSE-SU-2018_2881-1

OPENSUSE-SU-2024:11019-1

SUSE-SU-2018:2555-1

SUSE-SU-2018:2688-1

SUSE-SU-2018:2690-1

SUSE-SU-2018:2716-1

SUSE-SU-2018:2716-2

SUSE-SU-2018:2814-1

Produtos afetados

Suse

Libzypp

PT-2018-18210 · Opensuse+1 · Libzypp+1

CVE-2018-7685

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 68