MGASA-2020-0415 - Updated packagekit packages fix a security vulnerability

Publication date: 13 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0415.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-16121

It was discovered that packagekit was subject to a vulnerability where the
InstallFiles, GetFilesLocal and GetDetailsLocal methods of the DBus interface
to PackageKit accesses given files before checking for authorization. This
allows non-privileged users to learn the MIME type of any file on the system.
(CVE-2020-16121)

References:
- https://bugs.mageia.org/show_bug.cgi?id=27321
- https://ubuntu.com/security/notices/USN-4538-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16121

SRPMS:
- 7/core/packagekit-1.1.12-3.1.mga7