Описание
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| packagekit | fixed | 1.1.10-1 | package | |
| packagekit | not-affected | jessie | package | |
| packagekit | not-affected | wheezy | package |
Примечания
https://www.openwall.com/lists/oss-security/2018/04/23/3
Fixed by: https://github.com/hughsie/PackageKit/commit/7e8a7905ea9abbd1f384f05f36a4458682cd4697 (PACKAGEKIT_1_1_10)
Introduced by: https://github.com/hughsie/PackageKit/commit/f176976e24e8c17b80eff222572275517c16bdad
Resulting affected (upstream) versions: >= 1.0.10 up until current 1.1.9
EPSS
Связанные уязвимости
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
EPSS