Security update for PackageKit SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:3845-1 Final 1 1 2020-12-16T09:42:56Z current 2020-12-16T09:42:56Z 2020-12-16T09:42:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for PackageKit This update for PackageKit fixes the following issue: - CVE-2020-16121: Fixed an Information disclosure in InstallFiles, GetFilesLocal and GetDetailsLocal (bsc#1176930). - Notify service manager when it shutdown and cleanup temporary files when PackageKit quits. (bsc#1169739) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2020-3845,SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3845,SUSE-SLE-Product-WE-15-SP1-2020-3845 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20203845-1/ Link for SUSE-SU-2020:3845-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008075.html E-Mail link for SUSE-SU-2020:3845-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1169739 SUSE Bug 1169739 https://bugzilla.suse.com/1176930 SUSE Bug 1176930 https://www.suse.com/security/cve/CVE-2020-16121/ SUSE CVE CVE-2020-16121 page SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP1 PackageKit-1.1.10-12.10.1 PackageKit-backend-zypp-1.1.10-12.10.1 PackageKit-branding-upstream-1.1.10-12.10.1 PackageKit-devel-1.1.10-12.10.1 PackageKit-gstreamer-plugin-1.1.10-12.10.1 PackageKit-gtk3-module-1.1.10-12.10.1 PackageKit-lang-1.1.10-12.10.1 libpackagekit-glib2-18-1.1.10-12.10.1 libpackagekit-glib2-18-32bit-1.1.10-12.10.1 libpackagekit-glib2-18-64bit-1.1.10-12.10.1 libpackagekit-glib2-devel-1.1.10-12.10.1 libpackagekit-glib2-devel-32bit-1.1.10-12.10.1 libpackagekit-glib2-devel-64bit-1.1.10-12.10.1 typelib-1_0-PackageKitGlib-1_0-1.1.10-12.10.1 PackageKit-1.1.10-12.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 PackageKit-backend-zypp-1.1.10-12.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 PackageKit-devel-1.1.10-12.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 PackageKit-lang-1.1.10-12.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 libpackagekit-glib2-18-1.1.10-12.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 libpackagekit-glib2-devel-1.1.10-12.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 typelib-1_0-PackageKitGlib-1_0-1.1.10-12.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 PackageKit-gstreamer-plugin-1.1.10-12.10.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP1 PackageKit-gtk3-module-1.1.10-12.10.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP1 PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. CVE-2020-16121 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:PackageKit-1.1.10-12.10.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:PackageKit-backend-zypp-1.1.10-12.10.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:PackageKit-devel-1.1.10-12.10.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:PackageKit-lang-1.1.10-12.10.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libpackagekit-glib2-18-1.1.10-12.10.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libpackagekit-glib2-devel-1.1.10-12.10.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:typelib-1_0-PackageKitGlib-1_0-1.1.10-12.10.1 SUSE Linux Enterprise Workstation Extension 15 SP1:PackageKit-gstreamer-plugin-1.1.10-12.10.1 SUSE Linux Enterprise Workstation Extension 15 SP1:PackageKit-gtk3-module-1.1.10-12.10.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203845-1/ https://www.suse.com/security/cve/CVE-2020-16121.html CVE-2020-16121 https://bugzilla.suse.com/1176930 SUSE Bug 1176930