Novell Home

CVE-2013-1764

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-1764 at MITRE

Description

The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.

NVD CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)

SUSE information

SUSE Bugzilla entry: 804983

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • PackageKit >= 0.8.7-4.8.2
  • PackageKit-backend-zypp >= 0.8.7-4.8.2
  • PackageKit-backend-zypp-debuginfo >= 0.8.7-4.8.2
  • PackageKit-branding-upstream >= 0.8.7-4.8.2
  • PackageKit-browser-plugin >= 0.8.7-4.8.2
  • PackageKit-browser-plugin-debuginfo >= 0.8.7-4.8.2
  • PackageKit-debuginfo >= 0.8.7-4.8.2
  • PackageKit-debugsource >= 0.8.7-4.8.2
  • PackageKit-devel >= 0.8.7-4.8.2
  • PackageKit-devel-debuginfo >= 0.8.7-4.8.2
  • PackageKit-gstreamer-plugin >= 0.8.7-4.8.2
  • PackageKit-gstreamer-plugin-debuginfo >= 0.8.7-4.8.2
  • PackageKit-gtk3-module >= 0.8.7-4.8.2
  • PackageKit-gtk3-module-debuginfo >= 0.8.7-4.8.2
  • PackageKit-lang >= 0.8.7-4.8.2
  • libpackagekit-glib2-16 >= 0.8.7-4.8.2
  • libpackagekit-glib2-16-32bit >= 0.8.7-4.8.2
  • libpackagekit-glib2-16-debuginfo >= 0.8.7-4.8.2
  • libpackagekit-glib2-16-debuginfo-32bit >= 0.8.7-4.8.2
  • libpackagekit-glib2-devel >= 0.8.7-4.8.2
  • libpackagekit-glib2-devel-32bit >= 0.8.7-4.8.2
  • typelib-1_0-PackageKitGlib-1_0 >= 0.8.7-4.8.2
  • typelib-1_0-PackageKitPlugin-1_0 >= 0.8.7-4.8.2
Patchnames:
openSUSE-2013-399

© 2015 Novell