Security update for PackageKit SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1046-1 Final 1 1 2024-03-28T10:50:18Z current 2024-03-28T10:50:18Z 2024-03-28T10:50:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for PackageKit This update for PackageKit fixes the following issues: - CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544). - Dropped unnecessary executable permission (bsc#1209138). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-1046,SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-1046,SUSE-SLE-Product-WE-15-SP5-2024-1046,openSUSE-SLE-15.5-2024-1046 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241046-1/ Link for SUSE-SU-2024:1046-1 https://lists.suse.com/pipermail/sle-updates/2024-March/034807.html E-Mail link for SUSE-SU-2024:1046-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1209138 SUSE Bug 1209138 https://bugzilla.suse.com/1218544 SUSE Bug 1218544 https://www.suse.com/security/cve/CVE-2024-0217/ SUSE CVE CVE-2024-0217 page SUSE Linux Enterprise Module for Desktop Applications 15 SP5 SUSE Linux Enterprise Workstation Extension 15 SP5 openSUSE Leap 15.5 PackageKit-1.2.4-150400.3.13.1 PackageKit-backend-dnf-1.2.4-150400.3.13.1 PackageKit-backend-zypp-1.2.4-150400.3.13.1 PackageKit-branding-upstream-1.2.4-150400.3.13.1 PackageKit-devel-1.2.4-150400.3.13.1 PackageKit-gstreamer-plugin-1.2.4-150400.3.13.1 PackageKit-gtk3-module-1.2.4-150400.3.13.1 PackageKit-lang-1.2.4-150400.3.13.1 libpackagekit-glib2-18-1.2.4-150400.3.13.1 libpackagekit-glib2-18-32bit-1.2.4-150400.3.13.1 libpackagekit-glib2-18-64bit-1.2.4-150400.3.13.1 libpackagekit-glib2-devel-1.2.4-150400.3.13.1 libpackagekit-glib2-devel-32bit-1.2.4-150400.3.13.1 libpackagekit-glib2-devel-64bit-1.2.4-150400.3.13.1 typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.13.1 PackageKit-1.2.4-150400.3.13.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 PackageKit-backend-zypp-1.2.4-150400.3.13.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 PackageKit-devel-1.2.4-150400.3.13.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 PackageKit-lang-1.2.4-150400.3.13.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 libpackagekit-glib2-18-1.2.4-150400.3.13.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 libpackagekit-glib2-devel-1.2.4-150400.3.13.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.13.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 PackageKit-gstreamer-plugin-1.2.4-150400.3.13.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP5 PackageKit-gtk3-module-1.2.4-150400.3.13.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP5 PackageKit-1.2.4-150400.3.13.1 as a component of openSUSE Leap 15.5 PackageKit-backend-dnf-1.2.4-150400.3.13.1 as a component of openSUSE Leap 15.5 PackageKit-backend-zypp-1.2.4-150400.3.13.1 as a component of openSUSE Leap 15.5 PackageKit-branding-upstream-1.2.4-150400.3.13.1 as a component of openSUSE Leap 15.5 PackageKit-devel-1.2.4-150400.3.13.1 as a component of openSUSE Leap 15.5 PackageKit-gstreamer-plugin-1.2.4-150400.3.13.1 as a component of openSUSE Leap 15.5 PackageKit-gtk3-module-1.2.4-150400.3.13.1 as a component of openSUSE Leap 15.5 PackageKit-lang-1.2.4-150400.3.13.1 as a component of openSUSE Leap 15.5 libpackagekit-glib2-18-1.2.4-150400.3.13.1 as a component of openSUSE Leap 15.5 libpackagekit-glib2-18-32bit-1.2.4-150400.3.13.1 as a component of openSUSE Leap 15.5 libpackagekit-glib2-devel-1.2.4-150400.3.13.1 as a component of openSUSE Leap 15.5 libpackagekit-glib2-devel-32bit-1.2.4-150400.3.13.1 as a component of openSUSE Leap 15.5 typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.13.1 as a component of openSUSE Leap 15.5 A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost. CVE-2024-0217 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:PackageKit-1.2.4-150400.3.13.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:PackageKit-backend-zypp-1.2.4-150400.3.13.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:PackageKit-devel-1.2.4-150400.3.13.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:PackageKit-lang-1.2.4-150400.3.13.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libpackagekit-glib2-18-1.2.4-150400.3.13.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libpackagekit-glib2-devel-1.2.4-150400.3.13.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.13.1 SUSE Linux Enterprise Workstation Extension 15 SP5:PackageKit-gstreamer-plugin-1.2.4-150400.3.13.1 SUSE Linux Enterprise Workstation Extension 15 SP5:PackageKit-gtk3-module-1.2.4-150400.3.13.1 openSUSE Leap 15.5:PackageKit-1.2.4-150400.3.13.1 openSUSE Leap 15.5:PackageKit-backend-dnf-1.2.4-150400.3.13.1 openSUSE Leap 15.5:PackageKit-backend-zypp-1.2.4-150400.3.13.1 openSUSE Leap 15.5:PackageKit-branding-upstream-1.2.4-150400.3.13.1 openSUSE Leap 15.5:PackageKit-devel-1.2.4-150400.3.13.1 openSUSE Leap 15.5:PackageKit-gstreamer-plugin-1.2.4-150400.3.13.1 openSUSE Leap 15.5:PackageKit-gtk3-module-1.2.4-150400.3.13.1 openSUSE Leap 15.5:PackageKit-lang-1.2.4-150400.3.13.1 openSUSE Leap 15.5:libpackagekit-glib2-18-1.2.4-150400.3.13.1 openSUSE Leap 15.5:libpackagekit-glib2-18-32bit-1.2.4-150400.3.13.1 openSUSE Leap 15.5:libpackagekit-glib2-devel-1.2.4-150400.3.13.1 openSUSE Leap 15.5:libpackagekit-glib2-devel-32bit-1.2.4-150400.3.13.1 openSUSE Leap 15.5:typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.13.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241046-1/ https://www.suse.com/security/cve/CVE-2024-0217.html CVE-2024-0217 https://bugzilla.suse.com/1218544 SUSE Bug 1218544