The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used. https://bugzilla.suse.com/show_bug.cgi?id=1050625 https://www.suse.com/de-de/security/cve/CVE-2017-9271/
Created libzypp tracking bugs for this issue: Affects: fedora-all [bug 1922191] Created zypper tracking bugs for this issue: Affects: fedora-all [bug 1922190]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.