ArchLinux: 202106-18: packagekit: information disclosure | LinuxSec...

Advisories

Arch Linux Security Advisory ASA-202106-18
==========================================

Severity: Low
Date    : 2021-06-01
CVE-ID  : CVE-2020-16121
Package : packagekit
Type    : information disclosure
Remote  : No
Link    : https://security.archlinux.org/AVG-1260

Summary
=======

The package packagekit before version 1.2.3-1 is vulnerable to
information disclosure.

Resolution
==========

Upgrade to 1.2.3-1.

# pacman -Syu "packagekit>=1.2.3-1"

The problem has been fixed upstream in version 1.2.3.

Workaround
==========

None.

Description
===========

The InstallFiles, GetFilesLocal and GetDetailsLocal methods of the DBus
interface to PackageKit <= 1.1.13 access files before checking for
authorization. This allows non-privileged users to learn the MIME type
of any file on the system.

Impact
======

A non-privileged local attacker could learn the MIME type of any file
on the system.

References
==========

https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887
https://github.com/hughsie/PackageKit/commit/d5e8c59745bf7c521c6f311e6b22b4b67a8b828f
https://security.archlinux.org/CVE-2020-16121

ArchLinux: 202106-18: packagekit: information disclosure

June 3, 2021
The package packagekit before version 1.2.3-1 is vulnerable to information disclosure

Summary

The InstallFiles, GetFilesLocal and GetDetailsLocal methods of the DBus interface to PackageKit <= 1.1.13 access files before checking for authorization. This allows non-privileged users to learn the MIME type of any file on the system.

Resolution

Upgrade to 1.2.3-1.
# pacman -Syu "packagekit>=1.2.3-1"
The problem has been fixed upstream in version 1.2.3.

References

https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887 https://github.com/hughsie/PackageKit/commit/d5e8c59745bf7c521c6f311e6b22b4b67a8b828f https://security.archlinux.org/CVE-2020-16121

Severity
CVE-ID : CVE-2020-16121
Package : packagekit
Type : information disclosure
Remote : No
Link : https://security.archlinux.org/AVG-1260

Impact

A non-privileged local attacker could learn the MIME type of any file on the system.

Workaround

None.

Related News

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.