Security Information / 2018 / Security Information -- DSA-4207-1 packagekit

Debian Security Advisory

DSA-4207-1 packagekit -- security update

Date Reported:

22 May 2018

Affected Packages:

packagekit

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 896703.
In Mitre's CVE dictionary: CVE-2018-1106.

More information:

Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages.

For the stable distribution (stretch), this problem has been fixed in version 1.1.5-2+deb9u1.

We recommend that you upgrade your packagekit packages.

For the detailed security status of packagekit please refer to its security tracker page at: https://security-tracker.debian.org/tracker/packagekit