SUSE-SU-2024:1046-1

Опубликовано: 28 мар. 2024

Источник: suse-cvrf

Описание

Security update for PackageKit

This update for PackageKit fixes the following issues:

CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544).
Dropped unnecessary executable permission (bsc#1209138).

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP5

PackageKit-1.2.4-150400.3.13.1

PackageKit-backend-zypp-1.2.4-150400.3.13.1

PackageKit-devel-1.2.4-150400.3.13.1

PackageKit-lang-1.2.4-150400.3.13.1

libpackagekit-glib2-18-1.2.4-150400.3.13.1

libpackagekit-glib2-devel-1.2.4-150400.3.13.1

typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.13.1

SUSE Linux Enterprise Workstation Extension 15 SP5

PackageKit-gstreamer-plugin-1.2.4-150400.3.13.1

PackageKit-gtk3-module-1.2.4-150400.3.13.1

openSUSE Leap 15.5

PackageKit-1.2.4-150400.3.13.1

PackageKit-backend-dnf-1.2.4-150400.3.13.1

PackageKit-backend-zypp-1.2.4-150400.3.13.1

PackageKit-branding-upstream-1.2.4-150400.3.13.1

PackageKit-devel-1.2.4-150400.3.13.1

PackageKit-gstreamer-plugin-1.2.4-150400.3.13.1

PackageKit-gtk3-module-1.2.4-150400.3.13.1

PackageKit-lang-1.2.4-150400.3.13.1

libpackagekit-glib2-18-1.2.4-150400.3.13.1

libpackagekit-glib2-18-32bit-1.2.4-150400.3.13.1

libpackagekit-glib2-devel-1.2.4-150400.3.13.1

libpackagekit-glib2-devel-32bit-1.2.4-150400.3.13.1

typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.13.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241046-1/
Link for SUSE-SU-2024:1046-1
https://lists.suse.com/pipermail/sle-updates/2024-March/034807.html
E-Mail link for SUSE-SU-2024:1046-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1209138
SUSE Bug 1209138
https://bugzilla.suse.com/1218544
SUSE Bug 1218544
https://www.suse.com/security/cve/CVE-2024-0217/
SUSE CVE CVE-2024-0217 page

Описание

A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP5:PackageKit-1.2.4-150400.3.13.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP5:PackageKit-backend-zypp-1.2.4-150400.3.13.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP5:PackageKit-devel-1.2.4-150400.3.13.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP5:PackageKit-lang-1.2.4-150400.3.13.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-0217.html
CVE-2024-0217
https://bugzilla.suse.com/1218544
SUSE Bug 1218544

SUSE-SU-2024:1046-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP5

SUSE Linux Enterprise Workstation Extension 15 SP5

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2024-0217

Описание

Затронутые продукты

Ссылки