PackageKit security update

2018-05-30T18:24:23
ID CESA-2018:1224
Type centos
Reporter CentOS Project
Modified 2018-05-30T18:24:23

Description

CentOS Errata and Security Advisory CESA-2018:1224

PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API.

Security Fix(es):

  • PackageKit: authentication bypass allows to install signed packages without administrator privileges (CVE-2018-1106)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Matthias Gerstner (SUSE) for reporting this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2018-May/022891.html

Affected packages: PackageKit PackageKit-command-not-found PackageKit-cron PackageKit-glib PackageKit-glib-devel PackageKit-gstreamer-plugin PackageKit-gtk3-module PackageKit-yum PackageKit-yum-plugin

Upstream details at: