PackageKit-1.2.2-13.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10605 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z PackageKit-1.2.2-13.2 on GA media These are all security issues fixed in the PackageKit-1.2.2-13.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10605 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10605 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2008-4311/ SUSE CVE CVE-2008-4311 page https://www.suse.com/security/cve/CVE-2018-1106/ SUSE CVE CVE-2018-1106 page https://www.suse.com/security/cve/CVE-2020-16121/ SUSE CVE CVE-2020-16121 page openSUSE Tumbleweed PackageKit-1.2.2-13.2 PackageKit-backend-dnf-1.2.2-13.2 PackageKit-backend-zypp-1.2.2-13.2 PackageKit-branding-upstream-1.2.2-13.2 PackageKit-devel-1.2.2-13.2 PackageKit-gstreamer-plugin-1.2.2-13.2 PackageKit-gtk3-module-1.2.2-13.2 PackageKit-lang-1.2.2-13.2 libpackagekit-glib2-18-1.2.2-13.2 libpackagekit-glib2-18-32bit-1.2.2-13.2 libpackagekit-glib2-devel-1.2.2-13.2 libpackagekit-glib2-devel-32bit-1.2.2-13.2 typelib-1_0-PackageKitGlib-1_0-1.2.2-13.2 PackageKit-1.2.2-13.2 as a component of openSUSE Tumbleweed PackageKit-backend-dnf-1.2.2-13.2 as a component of openSUSE Tumbleweed PackageKit-backend-zypp-1.2.2-13.2 as a component of openSUSE Tumbleweed PackageKit-branding-upstream-1.2.2-13.2 as a component of openSUSE Tumbleweed PackageKit-devel-1.2.2-13.2 as a component of openSUSE Tumbleweed PackageKit-gstreamer-plugin-1.2.2-13.2 as a component of openSUSE Tumbleweed PackageKit-gtk3-module-1.2.2-13.2 as a component of openSUSE Tumbleweed PackageKit-lang-1.2.2-13.2 as a component of openSUSE Tumbleweed libpackagekit-glib2-18-1.2.2-13.2 as a component of openSUSE Tumbleweed libpackagekit-glib2-18-32bit-1.2.2-13.2 as a component of openSUSE Tumbleweed libpackagekit-glib2-devel-1.2.2-13.2 as a component of openSUSE Tumbleweed libpackagekit-glib2-devel-32bit-1.2.2-13.2 as a component of openSUSE Tumbleweed typelib-1_0-PackageKitGlib-1_0-1.2.2-13.2 as a component of openSUSE Tumbleweed The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. CVE-2008-4311 openSUSE Tumbleweed:PackageKit-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-backend-dnf-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-backend-zypp-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-branding-upstream-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-devel-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-gstreamer-plugin-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-gtk3-module-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-lang-1.2.2-13.2 openSUSE Tumbleweed:libpackagekit-glib2-18-1.2.2-13.2 openSUSE Tumbleweed:libpackagekit-glib2-18-32bit-1.2.2-13.2 openSUSE Tumbleweed:libpackagekit-glib2-devel-1.2.2-13.2 openSUSE Tumbleweed:libpackagekit-glib2-devel-32bit-1.2.2-13.2 openSUSE Tumbleweed:typelib-1_0-PackageKitGlib-1_0-1.2.2-13.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-4311.html CVE-2008-4311 https://bugzilla.suse.com/443307 SUSE Bug 443307 An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system. CVE-2018-1106 openSUSE Tumbleweed:PackageKit-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-backend-dnf-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-backend-zypp-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-branding-upstream-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-devel-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-gstreamer-plugin-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-gtk3-module-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-lang-1.2.2-13.2 openSUSE Tumbleweed:libpackagekit-glib2-18-1.2.2-13.2 openSUSE Tumbleweed:libpackagekit-glib2-18-32bit-1.2.2-13.2 openSUSE Tumbleweed:libpackagekit-glib2-devel-1.2.2-13.2 openSUSE Tumbleweed:libpackagekit-glib2-devel-32bit-1.2.2-13.2 openSUSE Tumbleweed:typelib-1_0-PackageKitGlib-1_0-1.2.2-13.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1106.html CVE-2018-1106 https://bugzilla.suse.com/1086936 SUSE Bug 1086936 https://bugzilla.suse.com/1123722 SUSE Bug 1123722 PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. CVE-2020-16121 openSUSE Tumbleweed:PackageKit-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-backend-dnf-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-backend-zypp-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-branding-upstream-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-devel-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-gstreamer-plugin-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-gtk3-module-1.2.2-13.2 openSUSE Tumbleweed:PackageKit-lang-1.2.2-13.2 openSUSE Tumbleweed:libpackagekit-glib2-18-1.2.2-13.2 openSUSE Tumbleweed:libpackagekit-glib2-18-32bit-1.2.2-13.2 openSUSE Tumbleweed:libpackagekit-glib2-devel-1.2.2-13.2 openSUSE Tumbleweed:libpackagekit-glib2-devel-32bit-1.2.2-13.2 openSUSE Tumbleweed:typelib-1_0-PackageKitGlib-1_0-1.2.2-13.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16121.html CVE-2020-16121 https://bugzilla.suse.com/1176930 SUSE Bug 1176930