libzypp: security fixes in RPM GPG key import parsing
libzypp was adjusted to enhance the RPM GPG key import/handling to
avoid a problem with multiple key blobs.
Attackers able to supplying a repository could let the packagemanager
show another keys fingerprint while a second one was actually used to
sign the repository (CVE-2013-3704).
-
Submitted by
Michael Andres (mlandres)
- Restart package-manager is suggested
Fixed bugs
bnc#828672
VUL-1: CVE-2013-3704: libzypp may missinterpret gpg-pubkey data
