Candidate: CVE-2017-7435
PublicDate: 2018-03-01 20:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7435
Description:
 In libzypp before 20170803 it was possible to add unsigned YUM repositories
 without warning to the user that could lead to man in the middle or
 malicious servers to inject malicious RPM packages into a users system.
Ubuntu-Description: 
Notes: 
 sbeattie> likely requires zypper changes, too
Bugs: 
 https://bugzilla.novell.com/show_bug.cgi?id=1038984
Priority: medium
Discovered-by: Bolesław Tokarski
Assigned-to: 
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]

Patches_libzypp:
upstream_libzypp: released (17.3.1-1)
precise/esm_libzypp: DNE
trusty_libzypp: DNE
trusty/esm_libzypp: DNE
vivid/ubuntu-core_libzypp: DNE
xenial_libzypp: ignored (end of standard support, was needed)
zesty_libzypp: ignored (reached end-of-life)
artful_libzypp: ignored (reached end-of-life)
bionic_libzypp: DNE
cosmic_libzypp: not-affected (17.6.1-1)
disco_libzypp: not-affected (17.6.1-1)
eoan_libzypp: not-affected (17.6.1-1)
focal_libzypp: not-affected (17.6.1-1)
groovy_libzypp: DNE
hirsute_libzypp: not-affected (17.6.1-1)
impish_libzypp: not-affected (17.6.1-1)
jammy_libzypp: not-affected (17.6.1-1)
devel_libzypp: not-affected (17.6.1-1)