SUSE SLED15 / SLES15 Security Update : PackageKit (SUSE-SU-2020:3845-1)

This update for PackageKit fixes the following issue : CVE-2020-16121: Fixed an Information disclosure in InstallFiles, GetFilesLocal and GetDetailsLocal bsc1176930. Notify service manager when it shutdown and cleanup temporary files when PackageKit quits. bsc1169739 Note that Tenable Network...

SUSE-SU-2020:3845-1 Security update for PackageKit

This update for PackageKit fixes the following issue: - CVE-2020-16121: Fixed an Information disclosure in InstallFiles, GetFilesLocal and GetDetailsLocal bsc1176930. - Notify service manager when it shutdown and cleanup temporary files when PackageKit quits. bsc1169739...

Privilege Escalation

PackageKit is vulnerable to privilege escalation attacks. A local authenticated attacker could install malicious packages using a configured PolicyKit...

Information Disclosure

PackageKit is vulnerable to information disclosure. Detailed error messages disclosing confidential information such as file presence and mimetype of files are shown to unprivileged callers...

MGASA-2020-0415 Updated packagekit packages fix a security vulnerability

It was discovered that packagekit was subject to a vulnerability where the InstallFiles, GetFilesLocal and GetDetailsLocal methods of the DBus interface to PackageKit accesses given files before checking for authorization. This allows non-privileged users to learn the MIME type of any file on the...

Updated packagekit packages fix a security vulnerability

It was discovered that packagekit was subject to a vulnerability where the InstallFiles, GetFilesLocal and GetDetailsLocal methods of the DBus interface to PackageKit accesses given files before checking for authorization. This allows non-privileged users to learn the MIME type of any file on the...

CVE-2020-16121

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own...

CVE-2020-16122

PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...

CVE-2020-16122

PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...

DEBIAN-CVE-2020-16122

PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...

CVE-2020-16121

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own...

DEBIAN-CVE-2020-16121

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own...

Information disclosure

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own...

Design/Logic Flaw

PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...

CVE-2020-16122

CVE-2020-16122 concerns PackageKit’s apt backend, which incorrectly treated all local .deb packages as trusted. The vulnerability arises because the apt security model relies on repository trust rather than the contents of individual files, enabling a local attacker to potentially install malicio...

CVE-2020-16121

CVE-2020-16121 affects PackageKit in multiple Linux distros. The flaw allows a local, unprivileged user to learn the MIME type and presence of files via DBus interfaces (InstallFiles, GetFilesLocal, GetDetailsLocal). Several advisories and Nessus/NVD references show this as an information-disclos...

CVE-2020-16121 PackageKit error messages leak presence and mimetype of files to unprivileged users

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own...

CVE-2020-16122 Packagekit's apt backend lets user install untrusted local packages

PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...

CVE-2020-16122

PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages...

CVE-2020-16121

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own...