Descriptionzypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key.
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
|National Vulnerability Database|
- SUSE-SR:2008:015, published Fri, 18 Jul 2008 13:00:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 11.0|| |