Description
This update for PackageKit fixes the following issue:
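CVE-2020-16121: Fixed an information disclosure in InstallFiles, GetFilesLocal and GetDetailsLocal (bsc#1176930). According to the Red Hat entry for this CVE, PackageKit returned detailed error messages to unprivileged callers, exposing the presence and MIME type of files that the caller could not otherwise determine.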
Update summary and description of gstreamer-plugin and gtk3-module (bsc#1104313).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Related
{"id": "SUSE_SU-2020-3911-1.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLED15 / SLES15 Security Update : PackageKit (SUSE-SU-2020:3911-1)", "description": "This update for PackageKit fixes the following issue :\n\nCVE-2020-16121: Fixed an Information disclosure in InstallFiles, GetFilesLocal and GetDetailsLocal (bsc#1176930).\n\nUpdate summary and description of gstreamer-plugin and gtk3-module.\n(bsc#1104313)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2020-12-23T00:00:00", "modified": "2020-12-28T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/144578", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2020-16121/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16121", "https://bugzilla.suse.com/show_bug.cgi?id=1176930", "https://bugzilla.suse.com/show_bug.cgi?id=1104313", "http://www.nessus.org/u?d714a77a"], "cvelist": ["CVE-2020-16121"], "immutableFields": [], "lastseen": "2022-02-19T00:43:23", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-202106-18"]}, {"type": "cve", "idList": ["CVE-2020-16121"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2399-1:512EA"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-16121"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2020-16121/", "MSF:ILITIES/UBUNTU-CVE-2020-16121/", "MSF:ILITIES/UBUNTU-CVE-2020-16122/"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2399.NASL", "OPENSUSE-2020-2292.NASL", "OPENSUSE-2020-2344.NASL", "SUSE_SU-2020-3845-1.NASL", "SUSE_SU-2020-3909-1.NASL"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-16121"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:2292-1", "OPENSUSE-SU-2020:2344-1"]}, {"type": "ubuntu", "idList": ["USN-4538-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-16121"]}], "rev": 4}, "score": {"value": 3.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-202106-18"]}, {"type": "cve", "idList": ["CVE-2020-16121"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2399-1:512EA"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-16121"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2020-16121/", "MSF:ILITIES/UBUNTU-CVE-2020-16121/", "MSF:ILITIES/UBUNTU-CVE-2020-16122/"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2399.NASL"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-16121"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:2292-1", "OPENSUSE-SU-2020:2344-1"]}, {"type": "ubuntu", "idList": ["USN-4538-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-16121"]}]}, 
"exploitation": null, "vulnersScore": 3.3}, "_state": {"dependencies": 1645876391}, "_internal": {}, "pluginID": "144578", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3911-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144578);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/28\");\n\n script_cve_id(\"CVE-2020-16121\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : PackageKit (SUSE-SU-2020:3911-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for PackageKit fixes the following issue :\n\nCVE-2020-16121: Fixed an Information disclosure in InstallFiles,\nGetFilesLocal and GetDetailsLocal (bsc#1176930).\n\nUpdate summary and description of gstreamer-plugin and gtk3-module.\n(bsc#1104313)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-16121/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203911-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d714a77a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3911=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3911=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-backend-zypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-backend-zypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:PackageKit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpackagekit-glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpackagekit-glib2-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpackagekit-glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-PackageKitGlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"PackageKit-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"PackageKit-backend-zypp-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"PackageKit-backend-zypp-debuginfo-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"PackageKit-debuginfo-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"PackageKit-debugsource-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"PackageKit-devel-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"PackageKit-devel-debuginfo-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libpackagekit-glib2-18-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libpackagekit-glib2-18-debuginfo-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libpackagekit-glib2-devel-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-PackageKitGlib-1_0-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"PackageKit-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"PackageKit-backend-zypp-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"PackageKit-backend-zypp-debuginfo-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"PackageKit-debuginfo-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"PackageKit-debugsource-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"PackageKit-devel-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", 
reference:\"PackageKit-devel-debuginfo-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libpackagekit-glib2-18-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libpackagekit-glib2-18-debuginfo-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libpackagekit-glib2-devel-1.1.13-4.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-PackageKitGlib-1_0-1.1.13-4.14.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PackageKit\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:PackageKit", "p-cpe:/a:novell:suse_linux:PackageKit-backend-zypp", "p-cpe:/a:novell:suse_linux:PackageKit-backend-zypp-debuginfo", "p-cpe:/a:novell:suse_linux:PackageKit-debuginfo", "p-cpe:/a:novell:suse_linux:PackageKit-debugsource", "p-cpe:/a:novell:suse_linux:PackageKit-devel", "p-cpe:/a:novell:suse_linux:PackageKit-devel-debuginfo", "p-cpe:/a:novell:suse_linux:libpackagekit-glib2", "p-cpe:/a:novell:suse_linux:libpackagekit-glib2-18-debuginfo", "p-cpe:/a:novell:suse_linux:libpackagekit-glib2-devel", "p-cpe:/a:novell:suse_linux:typelib-1_0-PackageKitGlib", "cpe:/o:novell:suse_linux:15"], "solution": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3911=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3911=1", "nessusSeverity": "Low", "cvssScoreSource": "", 
"vpr": {"risk factor": "Low", "score": "1.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-12-22T00:00:00", "vulnerabilityPublicationDate": "2020-11-07T00:00:00", "exploitableWith": []}
{"redhatcve": [{"lastseen": "2022-06-08T08:05:29", "description": "PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-10-02T10:22:25", "type": "redhatcve", "title": "CVE-2020-16121", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16121"], "modified": "2022-06-08T07:44:37", "id": "RH:CVE-2020-16121", "href": "https://access.redhat.com/security/cve/cve-2020-16121", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2022-02-19T00:43:09", "description": "This update for PackageKit fixes the following issue :\n\nCVE-2020-16121: Fixed an Information disclosure in InstallFiles, GetFilesLocal and GetDetailsLocal (bsc#1176930).\n\nNotify service manager when it shutdown and cleanup temporary files when PackageKit quits. (bsc#1169739)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-12-17T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : PackageKit (SUSE-SU-2020:3845-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16121"], "modified": "2020-12-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:PackageKit", "p-cpe:/a:novell:suse_linux:PackageKit-backend-zypp", "p-cpe:/a:novell:suse_linux:PackageKit-backend-zypp-debuginfo", "p-cpe:/a:novell:suse_linux:PackageKit-debuginfo", "p-cpe:/a:novell:suse_linux:PackageKit-debugsource", "p-cpe:/a:novell:suse_linux:PackageKit-devel", "p-cpe:/a:novell:suse_linux:PackageKit-devel-debuginfo", "p-cpe:/a:novell:suse_linux:libpackagekit-glib2", "p-cpe:/a:novell:suse_linux:libpackagekit-glib2-18-debuginfo", "p-cpe:/a:novell:suse_linux:libpackagekit-glib2-devel", "p-cpe:/a:novell:suse_linux:typelib-1_0-PackageKitGlib", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3845-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144348", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3845-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144348);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/21\");\n\n script_cve_id(\"CVE-2020-16121\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : PackageKit (SUSE-SU-2020:3845-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n 
value:\n\"This update for PackageKit fixes the following issue :\n\nCVE-2020-16121: Fixed an Information disclosure in InstallFiles,\nGetFilesLocal and GetDetailsLocal (bsc#1176930).\n\nNotify service manager when it shutdown and cleanup temporary files\nwhen PackageKit quits. (bsc#1169739)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-16121/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203845-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e79dd292\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-3845=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3845=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-backend-zypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-backend-zypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpackagekit-glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpackagekit-glib2-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpackagekit-glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-PackageKitGlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"PackageKit-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"PackageKit-backend-zypp-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"PackageKit-backend-zypp-debuginfo-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"PackageKit-debuginfo-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"PackageKit-debugsource-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"PackageKit-devel-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"PackageKit-devel-debuginfo-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libpackagekit-glib2-18-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libpackagekit-glib2-18-debuginfo-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libpackagekit-glib2-devel-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-PackageKitGlib-1_0-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"PackageKit-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"PackageKit-backend-zypp-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"PackageKit-backend-zypp-debuginfo-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"PackageKit-debuginfo-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"PackageKit-debugsource-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"PackageKit-devel-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", 
reference:\"PackageKit-devel-debuginfo-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libpackagekit-glib2-18-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libpackagekit-glib2-18-debuginfo-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libpackagekit-glib2-devel-1.1.10-12.10.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-PackageKitGlib-1_0-1.1.10-12.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PackageKit\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-02-19T00:40:55", "description": "This update for PackageKit fixes the following issue :\n\n - CVE-2020-16121: Fixed an Information disclosure in InstallFiles, GetFilesLocal and GetDetailsLocal (bsc#1176930).\n\n - Update summary and description of gstreamer-plugin and gtk3-module. 
(bsc#1104313)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : PackageKit (openSUSE-2020-2344)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16121"], "modified": "2021-01-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:PackageKit", "p-cpe:/a:novell:opensuse:PackageKit-backend-dnf", "p-cpe:/a:novell:opensuse:PackageKit-backend-dnf-debuginfo", "p-cpe:/a:novell:opensuse:PackageKit-backend-zypp", "p-cpe:/a:novell:opensuse:PackageKit-backend-zypp-debuginfo", "p-cpe:/a:novell:opensuse:PackageKit-branding-upstream", "p-cpe:/a:novell:opensuse:PackageKit-debuginfo", "p-cpe:/a:novell:opensuse:PackageKit-debugsource", "p-cpe:/a:novell:opensuse:PackageKit-devel", "p-cpe:/a:novell:opensuse:PackageKit-devel-debuginfo", "p-cpe:/a:novell:opensuse:PackageKit-gstreamer-plugin", "p-cpe:/a:novell:opensuse:PackageKit-gstreamer-plugin-debuginfo", "p-cpe:/a:novell:opensuse:PackageKit-gtk3-module", "p-cpe:/a:novell:opensuse:PackageKit-gtk3-module-debuginfo", "p-cpe:/a:novell:opensuse:PackageKit-lang", "p-cpe:/a:novell:opensuse:libpackagekit-glib2-18", "p-cpe:/a:novell:opensuse:libpackagekit-glib2-18-32bit", "p-cpe:/a:novell:opensuse:libpackagekit-glib2-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libpackagekit-glib2-18-debuginfo", "p-cpe:/a:novell:opensuse:libpackagekit-glib2-devel", "p-cpe:/a:novell:opensuse:libpackagekit-glib2-devel-32bit", "p-cpe:/a:novell:opensuse:typelib-1_0-PackageKitGlib-1_0", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2344.NASL", "href": "https://www.tenable.com/plugins/nessus/145359", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2344.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145359);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2020-16121\");\n\n script_name(english:\"openSUSE Security Update : PackageKit (openSUSE-2020-2344)\");\n script_summary(english:\"Check for the openSUSE-2020-2344 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for PackageKit fixes the following issue :\n\n - CVE-2020-16121: Fixed an Information disclosure in\n InstallFiles, GetFilesLocal and GetDetailsLocal\n (bsc#1176930).\n\n - Update summary and description of gstreamer-plugin and\n gtk3-module. (bsc#1104313)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176930\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected PackageKit packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-backend-dnf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:PackageKit-backend-dnf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-backend-zypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-backend-zypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-gstreamer-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-gstreamer-plugin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-gtk3-module\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-gtk3-module-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpackagekit-glib2-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpackagekit-glib2-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpackagekit-glib2-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpackagekit-glib2-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpackagekit-glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpackagekit-glib2-devel-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-PackageKitGlib-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"PackageKit-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"PackageKit-backend-dnf-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"PackageKit-backend-dnf-debuginfo-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"PackageKit-backend-zypp-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"PackageKit-backend-zypp-debuginfo-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"PackageKit-branding-upstream-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"PackageKit-debuginfo-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"PackageKit-debugsource-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"PackageKit-devel-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"PackageKit-devel-debuginfo-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"PackageKit-gstreamer-plugin-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"PackageKit-gstreamer-plugin-debuginfo-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"PackageKit-gtk3-module-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"PackageKit-gtk3-module-debuginfo-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"PackageKit-lang-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libpackagekit-glib2-18-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libpackagekit-glib2-18-debuginfo-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libpackagekit-glib2-devel-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"typelib-1_0-PackageKitGlib-1_0-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libpackagekit-glib2-18-32bit-1.1.13-lp152.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libpackagekit-glib2-18-32bit-debuginfo-1.1.13-lp152.3.15.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libpackagekit-glib2-devel-32bit-1.1.13-lp152.3.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PackageKit / PackageKit-backend-dnf / etc\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-02-19T00:45:13", "description": "This update for PackageKit fixes the following issues :\n\nCVE-2020-16121: Fixed an information disclosure in InstallFiles, GetFilesLocal and GetDetailsLocal (bsc#1176930).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-12-23T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : PackageKit (SUSE-SU-2020:3909-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16121"], "modified": "2020-12-28T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:PackageKit", "p-cpe:/a:novell:suse_linux:PackageKit-backend-zypp", "p-cpe:/a:novell:suse_linux:PackageKit-backend-zypp-debuginfo", "p-cpe:/a:novell:suse_linux:PackageKit-debuginfo", "p-cpe:/a:novell:suse_linux:PackageKit-debugsource", "p-cpe:/a:novell:suse_linux:libpackagekit-glib2", "p-cpe:/a:novell:suse_linux:libpackagekit-glib2-18-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-PackageKitGlib", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3909-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144581", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted 
from SUSE update advisory SUSE-SU-2020:3909-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144581);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/28\");\n\n script_cve_id(\"CVE-2020-16121\");\n\n script_name(english:\"SUSE SLES12 Security Update : PackageKit (SUSE-SU-2020:3909-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for PackageKit fixes the following issues :\n\nCVE-2020-16121: Fixed an information disclosure in InstallFiles,\nGetFilesLocal and GetDetailsLocal (bsc#1176930).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-16121/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203909-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?230774dd\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2020-3909=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch 
SUSE-SLE-SDK-12-SP5-2020-3909=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3909=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-backend-zypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-backend-zypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:PackageKit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpackagekit-glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpackagekit-glib2-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-PackageKitGlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"PackageKit-1.1.3-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"PackageKit-backend-zypp-1.1.3-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"PackageKit-backend-zypp-debuginfo-1.1.3-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"PackageKit-debuginfo-1.1.3-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"PackageKit-debugsource-1.1.3-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpackagekit-glib2-18-1.1.3-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpackagekit-glib2-18-debuginfo-1.1.3-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-PackageKitGlib-1_0-1.1.3-24.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PackageKit\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-02-15T12:35:47", "description": "This update for PackageKit fixes the following issue :\n\n - CVE-2020-16121: Fixed an Information disclosure in InstallFiles, GetFilesLocal and GetDetailsLocal (bsc#1176930).\n\n - Notify service manager when it shutdown and cleanup temporary files when PackageKit quits. 
(bsc#1169739)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {"score": 3.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : PackageKit (openSUSE-2020-2292)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16121"], "modified": "2021-01-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:PackageKit", "p-cpe:/a:novell:opensuse:PackageKit-backend-zypp", "p-cpe:/a:novell:opensuse:PackageKit-backend-zypp-debuginfo", "p-cpe:/a:novell:opensuse:PackageKit-branding-upstream", "p-cpe:/a:novell:opensuse:PackageKit-debuginfo", "p-cpe:/a:novell:opensuse:PackageKit-debugsource", "p-cpe:/a:novell:opensuse:PackageKit-devel", "p-cpe:/a:novell:opensuse:PackageKit-devel-debuginfo", "p-cpe:/a:novell:opensuse:PackageKit-gstreamer-plugin", "p-cpe:/a:novell:opensuse:PackageKit-gstreamer-plugin-debuginfo", "p-cpe:/a:novell:opensuse:PackageKit-gtk3-module", "p-cpe:/a:novell:opensuse:PackageKit-gtk3-module-debuginfo", "p-cpe:/a:novell:opensuse:PackageKit-lang", "p-cpe:/a:novell:opensuse:libpackagekit-glib2-18", "p-cpe:/a:novell:opensuse:libpackagekit-glib2-18-debuginfo", "p-cpe:/a:novell:opensuse:libpackagekit-glib2-devel", "p-cpe:/a:novell:opensuse:typelib-1_0-PackageKitGlib-1_0", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2292.NASL", "href": "https://www.tenable.com/plugins/nessus/145313", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2292.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145313);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2020-16121\");\n\n script_name(english:\"openSUSE Security Update : PackageKit 
(openSUSE-2020-2292)\");\n script_summary(english:\"Check for the openSUSE-2020-2292 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for PackageKit fixes the following issue :\n\n - CVE-2020-16121: Fixed an Information disclosure in\n InstallFiles, GetFilesLocal and GetDetailsLocal\n (bsc#1176930).\n\n - Notify service manager when it shutdown and cleanup\n temporary files when PackageKit quits. (bsc#1169739)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176930\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected PackageKit packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-backend-zypp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-backend-zypp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-gstreamer-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-gstreamer-plugin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-gtk3-module\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-gtk3-module-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:PackageKit-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpackagekit-glib2-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpackagekit-glib2-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpackagekit-glib2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-PackageKitGlib-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"PackageKit-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"PackageKit-backend-zypp-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"PackageKit-backend-zypp-debuginfo-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"PackageKit-branding-upstream-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"PackageKit-debuginfo-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"PackageKit-debugsource-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"PackageKit-devel-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"PackageKit-devel-debuginfo-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"PackageKit-gstreamer-plugin-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"PackageKit-gstreamer-plugin-debuginfo-1.1.10-lp151.8.12.1\") 
) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"PackageKit-gtk3-module-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"PackageKit-gtk3-module-debuginfo-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"PackageKit-lang-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libpackagekit-glib2-18-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libpackagekit-glib2-18-debuginfo-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libpackagekit-glib2-devel-1.1.10-lp151.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-PackageKitGlib-1_0-1.1.10-lp151.8.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PackageKit / PackageKit-backend-zypp / etc\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:12:33", "description": "Two vulnerabilities have been discovered in packagekit, a package management service.\n\nCVE-2020-16121\n\nVaisha Bernard discovered that PackageKit incorrectly handled certain methods. A local attacker could use this issue to learn the MIME type of any file on the system.\n\nCVE-2020-16122\n\nSami Niemimäki discovered that PackageKit incorrectly handled local deb packages. 
A local user could possibly use this issue to install untrusted packages, contrary to expectations.\n\nFor Debian 9 stretch, these problems have been fixed in version 1.1.5-2+deb9u2.\n\nWe recommend that you upgrade your packagekit packages.\n\nFor the detailed security status of packagekit please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/packagekit\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-10-08T00:00:00", "type": "nessus", "title": "Debian DLA-2399-1 : packagekit security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16121", "CVE-2020-16122"], "modified": "2020-11-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-packagekitglib-1.0", "p-cpe:/a:debian:debian_linux:gstreamer1.0-packagekit", "p-cpe:/a:debian:debian_linux:libpackagekit-glib2-18", "p-cpe:/a:debian:debian_linux:libpackagekit-glib2-dev", "p-cpe:/a:debian:debian_linux:packagekit", "p-cpe:/a:debian:debian_linux:packagekit-command-not-found", "p-cpe:/a:debian:debian_linux:packagekit-docs", "p-cpe:/a:debian:debian_linux:packagekit-gtk3-module", "p-cpe:/a:debian:debian_linux:packagekit-tools", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2399.NASL", "href": "https://www.tenable.com/plugins/nessus/141291", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2399-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141291);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-16121\", \"CVE-2020-16122\");\n\n script_name(english:\"Debian DLA-2399-1 : packagekit security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Two vulnerabilities have been discovered in packagekit, a package\nmanagement service.\n\nCVE-2020-16121\n\nVaisha Bernard discovered that PackageKit incorrectly handled certain\nmethods. A local attacker could use this issue to learn the MIME type\nof any file on the system.\n\nCVE-2020-16122\n\nSami Niemimäki discovered that PackageKit incorrectly handled\nlocal deb packages. A local user could possibly use this issue to\ninstall untrusted packages, contrary to expectations.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.1.5-2+deb9u2.\n\nWe recommend that you upgrade your packagekit packages.\n\nFor the detailed security status of packagekit please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/packagekit\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/10/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/packagekit\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/packagekit\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16122\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-packagekitglib-1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gstreamer1.0-packagekit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpackagekit-glib2-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpackagekit-glib2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:packagekit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:packagekit-command-not-found\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:packagekit-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:packagekit-gtk3-module\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:packagekit-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"gir1.2-packagekitglib-1.0\", reference:\"1.1.5-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"gstreamer1.0-packagekit\", reference:\"1.1.5-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpackagekit-glib2-18\", reference:\"1.1.5-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpackagekit-glib2-dev\", reference:\"1.1.5-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"packagekit\", reference:\"1.1.5-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"packagekit-command-not-found\", reference:\"1.1.5-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"packagekit-docs\", reference:\"1.1.5-2+deb9u2\")) flag++;\nif 
(deb_check(release:\"9.0\", prefix:\"packagekit-gtk3-module\", reference:\"1.1.5-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"packagekit-tools\", reference:\"1.1.5-2+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2022-03-21T07:38:59", "description": "PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-11-07T04:15:00", "type": "debiancve", "title": "CVE-2020-16121", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16121"], "modified": "2020-11-07T04:15:00", "id": "DEBIANCVE:CVE-2020-16121", "href": "https://security-tracker.debian.org/tracker/CVE-2020-16121", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": 
"2021-11-22T21:24:50", "description": "PackageKit provided detailed error messages to unprivileged callers that\nexposed information about file presence and mimetype of files that the user\nwould be unable to determine on its own.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-09-24T00:00:00", "type": "ubuntucve", "title": "CVE-2020-16121", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16121"], "modified": "2020-09-24T00:00:00", "id": "UB:CVE-2020-16121", "href": "https://ubuntu.com/security/CVE-2020-16121", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2022-04-21T22:47:51", "description": "An update that solves one vulnerability and has one errata\n is now available.\n\nDescription:\n\n This update for PackageKit fixes the following issue:\n\n - CVE-2020-16121: Fixed an Information disclosure in InstallFiles,\n GetFilesLocal and GetDetailsLocal (bsc#1176930).\n - Update summary and description of gstreamer-plugin and gtk3-module.\n (bsc#1104313)\n\n This update was imported 
from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-2344=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-12-27T00:00:00", "type": "suse", "title": "Security update for PackageKit (low)", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16121"], "modified": "2020-12-27T00:00:00", "id": "OPENSUSE-SU-2020:2344-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YZ7V5X4VPZ6MTETS6GU4AOZBIWDADE3U/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-10T18:10:11", "description": "An update that solves one vulnerability and has one errata\n is now available.\n\nDescription:\n\n This update for PackageKit fixes the following issue:\n\n - CVE-2020-16121: Fixed an Information disclosure in InstallFiles,\n GetFilesLocal and GetDetailsLocal 
(bsc#1176930).\n - Notify service manager when it shutdown and cleanup temporary files when\n PackageKit quits. (bsc#1169739)\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-2292=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-12-20T00:00:00", "type": "suse", "title": "Security update for PackageKit (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16121"], "modified": "2020-12-20T00:00:00", "id": "OPENSUSE-SU-2020:2292-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CMDG3TCU5LRAC7S5OQFWQ2ZCJ6MQPUSX/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:54", "description": "Arch Linux Security Advisory ASA-202106-18\n==========================================\n\nSeverity: 
Low\nDate : 2021-06-01\nCVE-ID : CVE-2020-16121\nPackage : packagekit\nType : information disclosure\nRemote : No\nLink : https://security.archlinux.org/AVG-1260\n\nSummary\n=======\n\nThe package packagekit before version 1.2.3-1 is vulnerable to\ninformation disclosure.\n\nResolution\n==========\n\nUpgrade to 1.2.3-1.\n\n# pacman -Syu \"packagekit>=1.2.3-1\"\n\nThe problem has been fixed upstream in version 1.2.3.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nThe InstallFiles, GetFilesLocal and GetDetailsLocal methods of the DBus\ninterface to PackageKit <= 1.1.13 access files before checking for\nauthorization. This allows non-privileged users to learn the MIME type\nof any file on the system.\n\nImpact\n======\n\nA non-privileged local attacker could learn the MIME type of any file\non the system.\n\nReferences\n==========\n\nhttps://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887\nhttps://github.com/hughsie/PackageKit/commit/d5e8c59745bf7c521c6f311e6b22b4b67a8b828f\nhttps://security.archlinux.org/CVE-2020-16121", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2021-06-01T00:00:00", "type": "archlinux", "title": "[ASA-202106-18] packagekit: information disclosure", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", 
"accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16121"], "modified": "2021-06-01T00:00:00", "id": "ASA-202106-18", "href": "https://security.archlinux.org/ASA-202106-18", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T14:09:05", "description": "PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-11-07T04:15:00", "type": "cve", "title": "CVE-2020-16121", "cwe": ["CWE-209"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16121"], "modified": "2020-11-18T14:30:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04", "cpe:/a:packagekit_project:packagekit:-"], "id": "CVE-2020-16121", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16121", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", 
"cpe:2.3:a:packagekit_project:packagekit:-:*:*:*:*:*:*:*"]}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "It was discovered that packagekit was subject to a vulnerability where the InstallFiles, GetFilesLocal and GetDetailsLocal methods of the DBus interface to PackageKit access the given files before checking for authorization. This allows non-privileged users to learn the MIME type of any file on the system. (CVE-2020-16121) \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-11-13T21:20:36", "type": "mageia", "title": "Updated packagekit packages fix a security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16121"], "modified": "2020-11-13T21:20:36", "id": "MGASA-2020-0415", "href": "https://advisories.mageia.org/MGASA-2020-0415.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2022-01-04T11:12:45", "description": "Vaisha Bernard discovered that PackageKit incorrectly handled certain \nmethods. A local attacker could use this issue to learn the MIME type of \nany file on the system. 
(CVE-2020-16121)\n\nSami Niemim\u00e4ki discovered that PackageKit incorrectly handled local deb \npackages. A local user could possibly use this issue to install untrusted \npackages, contrary to expectations. (CVE-2020-16122)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-09-24T00:00:00", "type": "ubuntu", "title": "PackageKit vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16121", "CVE-2020-16122"], "modified": "2020-09-24T00:00:00", "id": "USN-4538-1", "href": "https://ubuntu.com/security/notices/USN-4538-1", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2022-01-06T03:44:32", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2399-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Roberto C. 
S\u00e1nchez\nOctober 07, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : packagekit\nVersion : 1.1.5-2+deb9u2\nCVE ID : CVE-2020-16121 CVE-2020-16122\n\nTwo vulnerabilities have been discovered in packagekit, a package\nmanagement service.\n\nCVE-2020-16121\n\n Vaisha Bernard discovered that PackageKit incorrectly handled\n certain methods. A local attacker could use this issue to learn the\n MIME type of any file on the system.\n\nCVE-2020-16122\n\n Sami Niemim\u00e4ki discovered that PackageKit incorrectly handled local\n deb packages. A local user could possibly use this issue to install\n untrusted packages, contrary to expectations.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.1.5-2+deb9u2.\n\nWe recommend that you upgrade your packagekit packages.\n\nFor the detailed security status of packagekit please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/packagekit\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-07T18:53:53", "type": "debian", "title": "[SECURITY] [DLA 2399-1] packagekit security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": 
"LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16121", "CVE-2020-16122"], "modified": "2020-10-07T18:53:53", "id": "DEBIAN:DLA-2399-1:512EA", "href": "https://lists.debian.org/debian-lts-announce/2020/10/msg00011.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}]}