Описание
Security update for PackageKit
This update for PackageKit fixes the following issue:
- CVE-2020-16121: Fixed an Information disclosure in InstallFiles, GetFilesLocal and GetDetailsLocal (bsc#1176930).
- Notify service manager when it shutdown and cleanup temporary files when PackageKit quits. (bsc#1169739)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Список пакетов
openSUSE Leap 15.1
PackageKit-1.1.10-lp151.8.12.1
PackageKit-backend-zypp-1.1.10-lp151.8.12.1
PackageKit-branding-upstream-1.1.10-lp151.8.12.1
PackageKit-devel-1.1.10-lp151.8.12.1
PackageKit-gstreamer-plugin-1.1.10-lp151.8.12.1
PackageKit-gtk3-module-1.1.10-lp151.8.12.1
PackageKit-lang-1.1.10-lp151.8.12.1
libpackagekit-glib2-18-1.1.10-lp151.8.12.1
libpackagekit-glib2-devel-1.1.10-lp151.8.12.1
typelib-1_0-PackageKitGlib-1_0-1.1.10-lp151.8.12.1
Ссылки
- E-Mail link for openSUSE-SU-2020:2292-1
- SUSE Security Ratings
- SUSE Bug 1169739
- SUSE Bug 1176930
- SUSE CVE CVE-2020-16121 page
Описание
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
Затронутые продукты
openSUSE Leap 15.1:PackageKit-1.1.10-lp151.8.12.1
openSUSE Leap 15.1:PackageKit-backend-zypp-1.1.10-lp151.8.12.1
openSUSE Leap 15.1:PackageKit-branding-upstream-1.1.10-lp151.8.12.1
openSUSE Leap 15.1:PackageKit-devel-1.1.10-lp151.8.12.1
Ссылки
- CVE-2020-16121
- SUSE Bug 1176930