Suse Libzypp Vulnerabilities

Suse Libzypp vulnerabilities.

30 August 2018

libzypp does not reevaluate malicious rpms once downloaded
CVE-2018-7685
SuseLibzypp7.8HIGH

1 March 2018

libzypp accepts unsigned 3rd party repo without warning
CVE-2017-7435
SuseLibzypp8.1HIGH
lack of keypinning in libzypp could lead to repository switching
CVE-2017-9269
SuseLibzypp7.7HIGH
libzypp accepts unsigned packages even when configured to check signatures
CVE-2017-7436
SuseLibzypp8.1HIGH

No more vulnerabilities to load.