MGASA-2020-0415 - Updated packagekit packages fix a security vulnerability

Publication date: 13 Nov 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-16121

It was discovered that packagekit was subject to a vulnerability where the
InstallFiles, GetFilesLocal and GetDetailsLocal methods of the DBus interface
to PackageKit accesses given files before checking for authorization. This
allows non-privileged users to learn the MIME type of any file on the system.


- 7/core/packagekit-1.1.12-3.1.mga7