USN-4538-1: PackageKit vulnerabilities

24 September 2020

Several security issues were fixed in PackageKit.

Releases

Packages

  • packagekit - Provides a package management service

Details

Vaisha Bernard discovered that PackageKit incorrectly handled certain
methods. A local attacker could use this issue to learn the MIME type of
any file on the system. (CVE-2020-16121)

Sami Niemimäki discovered that PackageKit incorrectly handled local deb
packages. A local user could possibly use this issue to install untrusted
packages, contrary to expectations. (CVE-2020-16122)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04

After a standard system update you need to reboot your computer to make all
the necessary changes.