Description
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_13_gpg.html
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_09_gpg.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16889
Scores
EPSS
0.0021
EPSS Percentile
43.5%
Details
Status
published
Products (2)
novell/suse_linux
10.0
suse/suse_linux
9.3
Published
Feb 23, 2006
Tracked Since
Feb 18, 2026