You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa packagekit

Sigurnosni nedostatak programskog paketa packagekit

by Marina Dimic Vugec - 0

==========================================================================
Ubuntu Security Notice USN-3634-1
April 24, 2018

packagekit vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10

Summary:

PackageKit could be made to install or run programs as an administrator.

Software Description:
– packagekit: Provides a package management service

Details:

Matthias Gerstner discovered that PackageKit incorrectly handled
authentication. A local attacker could possibly use this issue to install
arbitrary packages and escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
packagekit 1.1.7-1ubuntu0.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3634-1
CVE-2018-1106

Package Information:
https://launchpad.net/ubuntu/+source/packagekit/1.1.7-1ubuntu0.1

—–BEGIN PGP SIGNATURE—–

iQIcBAEBCgAGBQJa34gCAAoJEGVp2FWnRL6T72IP+gNcyEwiMNF4ZSWoHyPHZg6K
ubgZBcuxrVmYmEdp97kV90Yr+6PziyHiXFttmJ9ElIrLyBVhOKB83jv03gkIDcrG
00s/jTfRqiFCvZvUxMh6MvqNgfOLKn3E4/wVxisoZ/W/NshDzdryx0pr9H9Qhcv2
hHmOoP0uAo6VrzQAZspTx1fSgXjiun7n40/53X8QxIqdpnULz+wEDlbbsqSTiQEu
Q0egwBFwS9a22To0yfqKSsqqpCGBi0/jIBo6nkbFfPyR4G7NfasyP0CImHHvk3EE
EDsA2bcRtwvbLzQa3mETX+Pe4U/GetpCXA98eS6pVJocraiPu/3QvBftQF/xBS12
AdVEkwHDlvKh/nLXfORR6AbYTR3INKg/rWgGcUJMYtEJurc1+dDM9Q2ewRMYJH0p
w2jbTwcatWOFM+TZ0YGu0ykXtJ38HmDKQyw0SATDpJOnLP9Goscu5kOonqiZolzk
yfT0dGuzbm9nts1nslNxodhyB0dexGsO4aCSWHKqTA4JagOmItqzz31NWcElBU63
2dwI9G0Nj5o3j5mDAU4zUqi8lzNLF380qv9XhEgXlSrRaUqErU6tpcDf7XTSSdXJ
wZeQ5KkIlT6IQ45zuYZ0DoTargJOJyNNwtYeDSckDySHaSP18R5Sr6oQGztbDz6F
+EWtqUgEqKAcKdDheYJE
=bDvm
—–END PGP SIGNATURE—–

Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa python-paramiko

Otkriven je sigurnosni nedostatak u programskom paketu python-paramiko za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenja....

Close