PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
References
Link | Resource |
---|---|
https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: canonical
Published: 2020-06-12T00:00:00
Updated: 2020-11-07T04:10:19
Reserved: 2020-07-29T00:00:00
Link: CVE-2020-16122
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-07T04:15:12.130
Modified: 2022-10-21T18:12:28.447
Link: CVE-2020-16122
JSON object: View
Redhat Information
No data.