Debian Security Advisory

DSA-4207-1 packagekit -- security update

Date Reported:
22 May 2018
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 896703.
In Mitre's CVE dictionary: CVE-2018-1106.
More information:

Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages.

For the stable distribution (stretch), this problem has been fixed in version 1.1.5-2+deb9u1.

We recommend that you upgrade your packagekit packages.

For the detailed security status of packagekit please refer to its security tracker page at: