Advisories » MGASA-2020-0415

Updated packagekit packages fix a security vulnerability

Publication date: 13 Nov 2020
Modification date: 13 Nov 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-16121

Description

It was discovered that packagekit was subject to a vulnerability where the
InstallFiles, GetFilesLocal and GetDetailsLocal methods of the DBus interface
to PackageKit accesses given files before checking for authorization. This
allows non-privileged users to learn the MIME type of any file on the system.
(CVE-2020-16121)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27321
• https://ubuntu.com/security/notices/USN-4538-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16121

SRPMS

7/core

• packagekit-1.1.12-3.1.mga7