[Mageia-dev] Regular users installing updates through packagekit or rpmdrake
David Walser
luigiwalser at yahoo.com
Wed Mar 6 17:27:06 CET 2013
David Walser <luigiwalser at ...> writes:
> OpenSuSE issued an advisory for PackageKit, because when systems were
configured to allow regular users
> to install security updates, they also had the ability to install *older*
updates than the newest,
> reintroducing security issues into the system.
>
> Does PackageKit in Mageia, or even our own rpmdrake tool which can be
configured to allow users to install
> updates, have an issue with this?
>
> References:
> http://lists.opensuse.org/opensuse-updates/2013-03/msg00006.html
> https://bugzilla.novell.com/show_bug.cgi?id=804983
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1764
It doesn't appear to me that our tools will let regular users install older
package versions.
As for PackageKit, I have no idea. Could someone lend some insight on this?
More information about the Mageia-dev
mailing list