Key Fingerprint Misreporting in libzypp Affects openSUSE

CVE-2013-3704

What is CVE-2013-3704?

The libzypp component in versions 12.15.0 and prior has a security flaw in the RPM GPG key import and handling feature. When multiple key blobs are used, it presents a different key fingerprint than that of the actual signing key for a repository. This inconsistency can mislead users, leading them to believe that the repository has been signed by a more trustworthy source than it actually is. Remote attackers can exploit this issue to compromise the integrity of software installations, putting systems at risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References