==========================================================================
Ubuntu Security Notice USN-3634-1
April 24, 2018
packagekit vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.10
Summary:
PackageKit could be made to install or run programs as an administrator.
Software Description:
– packagekit: Provides a package management service
Details:
Matthias Gerstner discovered that PackageKit incorrectly handled
authentication. A local attacker could possibly use this issue to install
arbitrary packages and escalate privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
packagekit 1.1.7-1ubuntu0.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3634-1
CVE-2018-1106
Package Information:
https://launchpad.net/ubuntu/+source/packagekit/1.1.7-1ubuntu0.1
—–BEGIN PGP SIGNATURE—–
iQIcBAEBCgAGBQJa34gCAAoJEGVp2FWnRL6T72IP+gNcyEwiMNF4ZSWoHyPHZg6K
ubgZBcuxrVmYmEdp97kV90Yr+6PziyHiXFttmJ9ElIrLyBVhOKB83jv03gkIDcrG
00s/jTfRqiFCvZvUxMh6MvqNgfOLKn3E4/wVxisoZ/W/NshDzdryx0pr9H9Qhcv2
hHmOoP0uAo6VrzQAZspTx1fSgXjiun7n40/53X8QxIqdpnULz+wEDlbbsqSTiQEu
Q0egwBFwS9a22To0yfqKSsqqpCGBi0/jIBo6nkbFfPyR4G7NfasyP0CImHHvk3EE
EDsA2bcRtwvbLzQa3mETX+Pe4U/GetpCXA98eS6pVJocraiPu/3QvBftQF/xBS12
AdVEkwHDlvKh/nLXfORR6AbYTR3INKg/rWgGcUJMYtEJurc1+dDM9Q2ewRMYJH0p
w2jbTwcatWOFM+TZ0YGu0ykXtJ38HmDKQyw0SATDpJOnLP9Goscu5kOonqiZolzk
yfT0dGuzbm9nts1nslNxodhyB0dexGsO4aCSWHKqTA4JagOmItqzz31NWcElBU63
2dwI9G0Nj5o3j5mDAU4zUqi8lzNLF380qv9XhEgXlSrRaUqErU6tpcDf7XTSSdXJ
wZeQ5KkIlT6IQ45zuYZ0DoTargJOJyNNwtYeDSckDySHaSP18R5Sr6oQGztbDz6F
+EWtqUgEqKAcKdDheYJE
=bDvm
—–END PGP SIGNATURE—–
—