View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-9271 severity moderate: SUSE including 530 source package names (0.1.0:libsigc-2_0-0-2.10.0-3.7.1, 0.1.0:libsolv-tools-0.7.17-3.32.1, …), 970 product×package rows across 191 product lines (Container bci/bci-init, Container bci/golang, … (191 product lines)): Fixed 792, Known Affected 131, Known Not Affected 35, First Fixed 12.
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.