Debian Security Advisory
DSA-4207-1 packagekit -- security update
- Date Reported:
- 22 May 2018
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 896703.
In Mitre's CVE dictionary: CVE-2018-1106.
- More information:
Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages.
For the stable distribution (stretch), this problem has been fixed in version 1.1.5-2+deb9u1.
We recommend that you upgrade your packagekit packages.
For the detailed security status of packagekit please refer to its security tracker page at: https://security-tracker.debian.org/tracker/packagekit