|
|
Log in / Subscribe / Register

Debian alert DLA-4545-1 (packagekit)



From:
              Thorsten Alteholz <debian@alteholz.de>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 4545-1] packagekit security update


Date:
              Wed, 22 Apr 2026 13:03:00 +0000


Message-ID:
              <b916a067-9be8-856b-18e7-cc7380792e4@alteholz.de>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4545-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
April 22, 2026                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : packagekit
Version        : 1.2.2-2+deb11u1
CVE ID         : not yet available


Maik Schaefer discovered that a TOCTOU race condition in PackageKit (a 
package management service over a DBus interface) could result in local
privilege escalation.


For Debian 11 bullseye, this problem has been fixed in version
1.2.2-2+deb11u1.

We recommend that you upgrade your packagekit packages.

For the detailed security status of packagekit please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/packagekit

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmnoxwRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeYMw/9FIrQ8i+KWZHCyI1of1YXdkKtkGiGh7vK1KORiewVb9XxBec7rsnCaFLS
++QshCQhBY5OgK5lbQiZtrG9UeFeQqx7/qG+BKzQMIHqZWwgNTRgFoC3/BWNnA7j
ghiiGf06siKXce1oT4qKGlAfYXdHeqMzOkUrz+eM9vtZtbWwCYJ8US+Ipa/lqpvx
+q3aoppTL0LCgR7kuV9qfp/3EzRUULl/Cfa4oEsiQhtlE30djhnAmAqsLNGpiJjA
iRanSEQE5CxpJH2ZZocBj1Z/5a/wJ5c4FuG8kuUvS9QKYwzP9LUbyJaQS3qRDdvl
nsNyhD/hs64/l9UOeghqPHKQ3cdQs7HLAWfMlIGuj8eOhzkPSiUNY/Y5GEjC8mNa
GZbbTr+lHKZCFuUWRzlfjSikgBEPjY+crrXt0K3KM41i7XzIhCU1xQCtUnPrmE2k
FwVl71Eeuog7DUJc3veN7ke020Xjlpxmmwu7icKsticVIOCLT3OMlVeZpYBc3mFT
G9SDBMxT4YgTK1z3dvSNN3i8Md/8ke45pHzPncmu9czc4uEZggY6ONLvTIqFvowq
aEjkaZC6xBvFhfnq+M9uRdOCrUwXZqesYIpFNMa/B/ai6E+Sz9GWqAn45JjURgqW
ekdhb7SaGSxVNykoKB2g9YNmyJb5vf1nHjDcoGUim3XwdyaWH04=
=5ur1
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds