CVE-2011-2515

Published: 27 November 2019

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

Notes

Author	Note
sbeattie	RPMs only

Priority

CVSS 3 base score: 5.3

Status

Package	Release	Status
packagekit Launchpad, Ubuntu, Debian	upstream	Released (0.6.17-1)
	precise	Not vulnerable (0.7.2-4ubuntu3)
	trusty	Does not exist (trusty was not-affected)
	vivid	Not vulnerable

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2515
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›