USN-4538-1: PackageKit vulnerabilities
24 September 2020
Several security issues were fixed in PackageKit.
Releases
Packages
- packagekit - Provides a package management service
Details
Vaisha Bernard discovered that PackageKit incorrectly handled certain
methods. A local attacker could use this issue to learn the MIME type of
any file on the system. (CVE-2020-16121)
Sami Niemimäki discovered that PackageKit incorrectly handled local deb
packages. A local user could possibly use this issue to install untrusted
packages, contrary to expectations. (CVE-2020-16122)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04
After a standard system update you need to reboot your computer to make all
the necessary changes.