CVE-2017-9269
Publication date 1 March 2018
Last updated 26 August 2025
Ubuntu priority
Cvss 3 Severity Score
Description
In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libzypp | 26.04 LTS resolute |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored end of standard support, was needed | |
| 14.04 LTS trusty | Not in release |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
7.7 · High
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L