CVE Vulnerabilities

CVE-2013-1764

Published: Apr 16, 2014 | Modified: Apr 17, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM

The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the install updates method.

Affected Software

Name Vendor Start Version End Version
Packagekit Packagekit_project * 0.8.7 (including)
Packagekit Packagekit_project 0.8.1 (including) 0.8.1 (including)
Packagekit Packagekit_project 0.8.2 (including) 0.8.2 (including)
Packagekit Packagekit_project 0.8.3 (including) 0.8.3 (including)
Packagekit Packagekit_project 0.8.4 (including) 0.8.4 (including)
Packagekit Packagekit_project 0.8.5 (including) 0.8.5 (including)
Packagekit Packagekit_project 0.8.6 (including) 0.8.6 (including)

References