4 matches found
openSUSE Security Update : PackageKit (openSUSE-SU-2013:0889-1)
The PackageKit zypp backend was fixed to only allow patches to be updated. Otherwise a regular user could install new packages or even downgrade older packages to ones with security problems. CVE-2013-1764 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package check...
CVE-2013-1764
The Zypper aka zypp backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method...
CVE-2013-1764
The CVE-2013-1764 issue affects the Zypper/zypp backend in PackageKit prior to 0.8.8. According to multiple sources (SUSE, UBUNTU, Debian, etc.), local users can downgrade packages via the install updates method, indicating a local escalation/precedent flaw that allows downgrades rather than enf...
CVE-2013-1764
The Zypper aka zypp backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method...