Local User Package Downgrade Issue in PackageKit by SUSE
CVE-2013-1764

Currently unrated

Key Information:

Vendor
CVE Published: 16 April 2014

What is CVE-2013-1764?

The Zypper backend of PackageKit allows local users to downgrade installed packages using the 'install updates' command. This presents significant risks because it can enable unauthorized users to revert software to earlier versions, potentially reintroducing known vulnerabilities or bugs that were previously patched. To mitigate this risk, users should ensure they are running an updated version of PackageKit, specifically version 0.8.8 or later. Additional information and discussions on this vulnerability can be found in community forums and advisories.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
