(RHSA-2018:1224) Moderate: PackageKit security update

2018-04-24T21:22:31
ID RHSA-2018:1224
Type redhat
Reporter RedHat
Modified 2018-04-24T21:38:40

Description

PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API.

Security Fix(es):

  • PackageKit: authentication bypass allows to install signed packages without administrator privileges (CVE-2018-1106)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Matthias Gerstner (SUSE) for reporting this issue.