- ------------------------------------------------------------------------- Debian Security Advisory DSA-4207-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : packagekit CVE ID : CVE-2018-1106 Debian Bug : 896703 Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages. For the stable distribution (stretch), this problem has been fixed in version 1.1.5-2+deb9u1. We recommend that you upgrade your packagekit packages. For the detailed security status of packagekit please refer to its security tracker page at: https://security-tracker.debian.org/tracker/packagekit Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Debian: DSA-4207-1: packagekit security update
Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages.
