Sicherheit: Zwei Probleme in PackageKit

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============9126897198989239541==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="2YuXdVTuvsmBPjAUsKS0Dwwq93pHXIkL2"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--2YuXdVTuvsmBPjAUsKS0Dwwq93pHXIkL2
Content-Type: multipart/mixed;
boundary="Zg1ZKRmGhBddod7S2E9T73gNtHou4acfR"

--Zg1ZKRmGhBddod7S2E9T73gNtHou4acfR
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4538-1
September 24, 2020

packagekit vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in PackageKit.

Software Description:
- packagekit: Provides a package management service

Details:

Vaisha Bernard discovered that PackageKit incorrectly handled certain
methods. A local attacker could use this issue to learn the MIME type of
any file on the system. (CVE-2020-16121)

Sami NiemimÃ€ki discovered that PackageKit incorrectly handled local deb
packages. A local user could possibly use this issue to install untrusted
packages, contrary to expectations. (CVE-2020-16122)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
packagekit 1.1.13-2ubuntu1.1

Ubuntu 18.04 LTS:
packagekit 1.1.9-1ubuntu2.18.04.6

Ubuntu 16.04 LTS:
packagekit 0.8.17-4ubuntu6~gcc5.4ubuntu1.5

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://usn.ubuntu.com/4538-1
CVE-2020-16121, CVE-2020-16122

Package Information:
https://launchpad.net/ubuntu/+source/packagekit/1.1.13-2ubuntu1.1
https://launchpad.net/ubuntu/+source/packagekit/1.1.9-1ubuntu2.18.04.6
https://launchpad.net/ubuntu/+source/packagekit/0.8.17-4ubuntu6~gcc5.4ubuntu1.5

--Zg1ZKRmGhBddod7S2E9T73gNtHou4acfR--

--2YuXdVTuvsmBPjAUsKS0Dwwq93pHXIkL2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl9ssI0ACgkQZWnYVadE
vpPrqg//bzWwXJHSe6BrwAdbJiYWnnfTtP0SwIE0fX6VrjQPIGkWrC0Z4K84b0Th
MM5i0xL88L3CSJlMhj1bo2g+sLHkfU2wuyhm05MKf5guD857I8t2BPt5zGSrXVJh
37tcIngz+GwyIDseJ1R7DoOMtbzxtvLpmyMEJz2VlrefhZBt+I2c0+xE8fQ5pRUh
i2dXkDgoAh+F/1mFtrocpZGTABEUscwe0bXN6qo17wBIBUvW/nVj4EipF/str7Bx
GgM2pmJrFJ31cYsUR4wpHpEWul2CAzfD+6nvThJZbEkiCupz642xUqT1gYjmjOWl
VBK+sHVP24dTP34Rk/pRWnSZH4N798vLLBV911lZxd0YC+mDMjjFi9ggatu6xw2C
aZx5N9c+geCYWvI65VP1F14pAkRrUT+oTF+UzC+azansCxtSS8NTuslnvmbFUcsl
aiuXtSnwL1qQlg/VXhcEtNuBqjNAp8wNLCqY17cWbN4MZeJmwJIY0/AO3yAl8zZz
M6Jw4v3LekspnjY9CDOMMAIC28PZPj19Az/dseLx0BqcpV/0iCozT4l4HfNvx0PK
Lmn0cqLNJCTCPZuBoO/v4LN7YTwZy9btjry66hnw9fPN+Gowcd5wPStAbLVc/5lh
jP542XmheMlp9OD1XBTaDDCtaXn6EwDeK1ZGZdGMjJOtU+PqwPA=
=grJl
-----END PGP SIGNATURE-----

--2YuXdVTuvsmBPjAUsKS0Dwwq93pHXIkL2--

--===============9126897198989239541==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============9126897198989239541==--