PackageKit-1.1.5-2.0.1.el7.AXS7

エラータID: AXSA:2018-3051:01

Release date: 
Monday, May 14, 2018 - 10:38
Subject: 
PackageKit-1.1.5-2.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API.

Security Fix(es):

* PackageKit: authentication bypass allows to install signed packages without administrator privileges (CVE-2018-1106)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank Matthias Gerstner (SUSE) for reporting this issue.

CVE-2018-1106
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.

Solution: 

Update packages.

CVEs: 
CVE-2018-1106
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
Additional Info: 

N/A

Download: 

SRPMS
  1. PackageKit-1.1.5-2.0.1.el7.AXS7.src.rpm
    MD5: af1e057862224c31ea9320b5927b3344
    SHA-256: 88f1f129fc81848a7e4bb1adfcd487737f7722621a10feaf7a0f36a0c7ced6de
    Size: 1.37 MB

Asianux Server 7 for x86_64
  1. PackageKit-1.1.5-2.0.1.el7.AXS7.x86_64.rpm
    MD5: a6322fe1d605449775be629f26812ce4
    SHA-256: 7bb636a8db1336444a3359b0ee4a9f941d4c60090ac1eb57e6bbb29e9189a493
    Size: 581.80 kB
  2. PackageKit-command-not-found-1.1.5-2.0.1.el7.AXS7.x86_64.rpm
    MD5: cf9c221c31ea962431ebc09eeafe8552
    SHA-256: 173521f5217ad7345093e6f155430e2a99088823e09d2fcb650ad0449cbeb8db
    Size: 19.77 kB
  3. PackageKit-glib-1.1.5-2.0.1.el7.AXS7.x86_64.rpm
    MD5: 9df44843152f93d34dd1d2cba057163c
    SHA-256: ad89bcd9bef20500844fb0f5f038513b9640770240f15648cbd5f6b72a59eded
    Size: 126.19 kB
  4. PackageKit-gstreamer-plugin-1.1.5-2.0.1.el7.AXS7.x86_64.rpm
    MD5: f1f94786b6ae7b41a8d30ae2423a57c0
    SHA-256: bf66b6518e0e8ae74e529ae07d16b4d314b92fc43935a917003ea483c4003993
    Size: 10.70 kB
  5. PackageKit-gtk3-module-1.1.5-2.0.1.el7.AXS7.x86_64.rpm
    MD5: 1732977ffb07ab471971955a73b3a43f
    SHA-256: 146ccea494fa08a9732474bd65cbea610f889e82296f15243c638ace02d97a02
    Size: 11.33 kB
  6. PackageKit-yum-1.1.5-2.0.1.el7.AXS7.x86_64.rpm
    MD5: b3704b1a684a6493a11d20dc2988f720
    SHA-256: 70dfc20f4febb1680ae839e1ae7cfa0ff456902247dea20f3f91f3e33a11dd00
    Size: 74.27 kB
  7. PackageKit-glib-1.1.5-2.0.1.el7.AXS7.i686.rpm
    MD5: e48818f963b53c9450358d1557d7193c
    SHA-256: 2e712ad31714812a1058862cc2da503dc49562d9153814cff361069fdec349c2
    Size: 120.86 kB
  8. PackageKit-gtk3-module-1.1.5-2.0.1.el7.AXS7.i686.rpm
    MD5: 1240d6ef2a4cb20dfbadb737e080ddfa
    SHA-256: 10da12575499d4833b118106417b56defe097aefb7fd4fc1e313cedeaad56f44
    Size: 11.17 kB