REDHAT-BUG-2064315
A vulnerability was found in PackageKit in the way some of the methods exposed by the Transaction interface examine files without dropping privileges. The InstallFiles method, for example, fails silently when given a non-existing file; however, if the file exists, it reads the contents of the file and takes longer to return than it does for a non-existing file. This vulnerability allows a local user to learn whether a file owned by root or other users exists.
Frequently Asked Questions
What is the severity of REDHAT-BUG-2064315?
The severity of REDHAT-BUG-2064315 is considered to be of medium risk due to potential privilege escalation implications.
How do I fix REDHAT-BUG-2064315?
To fix REDHAT-BUG-2064315, update PackageKit to the latest version as provided by your Linux distribution.
What are the potential impacts of REDHAT-BUG-2064315?
The potential impacts of REDHAT-BUG-2064315 include unauthorized access to sensitive files due to improper privilege handling.
Which versions of PackageKit are affected by REDHAT-BUG-2064315?
REDHAT-BUG-2064315 affects various versions of PackageKit that expose file examination methods without appropriate privilege controls.
Is there a workaround for REDHAT-BUG-2064315?
A temporary workaround for REDHAT-BUG-2064315 may involve restricting user access to sensitive files until an update can be applied.