Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-202106-18 ========================================= Severity: Low Date : 2021-06-01 CVE-ID : CVE-2020-16121 Package : packagekit Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-1260 Summary ====== The package packagekit before version 1.2.3-1 is vulnerable to information disclosure. Resolution ========= Upgrade to 1.2.3-1. # pacman -Syu "packagekit>=1.2.3-1" The problem has been fixed upstream in version 1.2.3. Workaround ========= None. Description ========== The InstallFiles, GetFilesLocal and GetDetailsLocal methods of the DBus interface to PackageKit <= 1.1.13 access files before checking for authorization. This allows non-privileged users to learn the MIME type of any file on the system. Impact ===== A non-privileged local attacker could learn the MIME type of any file on the system. References ========= https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887 https://github.com/PackageKit/PackageKit/commit/d5e8c59745bf7c521c6f311e6b22b4b67a8b828f https://security.archlinux.org/CVE-2020-16121