Vulnerability in Packagekit_project Packagekit

CVE-2013-1764

The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.

EPSS: 0.001 (20.0th percentile) — read the EPSS interpretation.

Affected products

Packagekit_project Packagekit — versions 0.8.1, 0.8.2, 0.8.3
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

[oss-security] 20130225 Re: CVE Request: PackageKit"update" allows downgrade of packages when using the "zypp" backend (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
openSUSE-SU-2013:0889 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)