CVE-2017-9271

NameCVE-2017-9271
DescriptionThe commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs988152

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libzypp (PTS)bullseye17.25.7-1fixed
bookworm17.25.7-2.4fixed
sid, trixie17.35.15-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libzyppsource(unstable)17.25.5-2low988152

Notes

[buster] - libzypp <ignored> (Minor issue)
[jessie] - libzypp <ignored> (Minor issue)
https://bugzilla.suse.com/show_bug.cgi?id=1050625
https://github.com/openSUSE/libzypp/commit/c693f46ca9bf18dda9b4b56f78e069e26b5b03ff (17.25.3)

Search for package or bug name: Reporting problems