USN-3634-1: PackageKit vulnerability

24 April 2018

PackageKit could be made to install or run programs as an administrator.

Releases

Packages

  • packagekit - Provides a package management service

Details

Matthias Gerstner discovered that PackageKit incorrectly handled
authentication. A local attacker could possibly use this issue to install
arbitrary packages and escalate privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10

After a standard system update you need to reboot your computer to make
all the necessary changes.

References