[Mageia-dev] Regular users installing updates through packagekit or rpmdrake

David Walser luigiwalser at yahoo.com
Mon Mar 4 22:38:45 CET 2013


OpenSuSE issued an advisory for PackageKit, because when systems were configured to allow regular users to install security updates, they also had the ability to install *older* updates than the newest, reintroducing security issues into the system.

Does PackageKit in Mageia, or even our own rpmdrake tool which can be configured to allow users to install updates, have an issue with this?

References:
http://lists.opensuse.org/opensuse-updates/2013-03/msg00006.html
https://bugzilla.novell.com/show_bug.cgi?id=804983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1764


More information about the Mageia-dev mailing list