20 matches found
EulerOS 2.0 SP5 : PackageKit (EulerOS-SA-2019-2700)
According to the version of the PackageKit packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed...
NewStart CGSL CORE 5.04 / MAIN 5.04 : PackageKit Vulnerability (NS-SA-2019-0028)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has PackageKit packages installed that are affected by a vulnerability: - An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. A local attacke...
Fedora 28 : PackageKit (2018-a86100a264)
New upstream release - This release fixes CVE-2018-1106 which is a moderate security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possib...
CentOS Update for PackageKit CESA-2018:1224 centos7
Check the version of PackageKit SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882896";...
PackageKit security update
CentOS Errata and Security Advisory CESA-2018:1224 An update for PackageKit is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...
Debian DSA-4207-1 : packagekit - security update
Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
Scientific Linux Security Update : PackageKit on SL7.x x86_64 (20180424)
Security Fixes : - PackageKit: authentication bypass allows to install signed packages without administrator privileges CVE-2018-1106 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid109463; scriptversion"1.6";...
Fedora 27 : PackageKit (2018-a3b7c7eb79)
New upstream release - This release fixes CVE-2018-1106 which is a moderate security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possib...
Amazon Linux 2 : PackageKit (ALAS-2018-1006)
Authentication bypass allows to install signed packages without administrator privileges An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable...
Medium: PackageKit
Issue Overview: Authentication bypass allows to install signed packages without administrator privileges An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install...
Oracle Linux 7 : PackageKit (ELSA-2018-1224)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1224 advisory. - Fixes CVE-2018-1106 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested fo...
Ubuntu 17.10 : PackageKit vulnerability (USN-3634-1)
Matthias Gerstner discovered that PackageKit incorrectly handled authentication. A local attacker could possibly use this issue to install arbitrary packages and escalate privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security...
openSUSE: Security Advisory for PackageKit (openSUSE-SU-2018:1049-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Moderate: Red Hat Security Advisory: PackageKit security update
An update for PackageKit is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Security update for PackageKit (important)
This update for PackageKit fixes the following security issue: - CVE-2018-1106: Drop the polkit rule which could allow users in wheel group to install packages without root password bsc1086936. This update was imported from the SUSE:SLE-12-SP2:Update update project...
PackageKit security update
1.1.5-2.0.1 - remove PackageKit-0.3.8-Fedora-Vendor.conf.patch 1.1.5-2 - Fixes CVE-2018-1106 - Resolves: rhbz1566425...
openSUSE Security Update : PackageKit (openSUSE-2018-386)
This update for PackageKit fixes the following security issue : - CVE-2018-1106: Drop the polkit rule which could allow users in wheel group to install packages without root password bsc1086936. This update was imported from the SUSE:SLE-12-SP2:Update update project. %NASLMINLEVEL 70300 C Tenable...
SUSE SLED12 / SLES12 Security Update : PackageKit (SUSE-SU-2018:1047-1)
CVE-2018-1106: Drop the polkit rule which could allow users in wheel group to install packages without root password bsc1086936. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean...
CVE-2018-1106
CVE-2018-1106 affects PackageKit prior to 1.1.10. The vulnerability is an authentication bypass that allows a non-administrative user to install signed packages, enabling local privilege escalation and potential system compromise by installing vulnerable packages. Public advisories (various OS ve...
SUSE-SU-2018:1047-1 Security update for PackageKit
CVE-2018-1106: Drop the polkit rule which could allow users in wheel group to install packages without root password bsc1086936...