CVE-2013-1764
NONE EPSS 30.1%
Published Apr 16, 201412y ago · Modified Jun 16, 20262w ago
Published Apr 16, 2014 12y ago
Last Modified Jun 16, 2026 2w ago
Description
The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.
Threat Intelligence
EPSS Exploit Probability
30.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-264
Affected Products 7
| Vendor | Product | Version | Range |
|---|---|---|---|
| packagekit_project | packagekit | * | ≤0.8.7 |
| packagekit_project | packagekit | 0.8.1 | any |
| packagekit_project | packagekit | 0.8.2 | any |
| packagekit_project | packagekit | 0.8.3 | any |
| packagekit_project | packagekit | 0.8.4 | any |
| packagekit_project | packagekit | 0.8.5 | any |
| packagekit_project | packagekit | 0.8.6 | any |
References 6
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html
- openwall.com http://www.openwall.com/lists/oss-security/2013/02/25/20
- bugs.freedesktop.org https://bugs.freedesktop.org/show_bug.cgi?id=61231
- bugzilla.novell.com https://bugzilla.novell.com/show_bug.cgi?id=804983
- gitorious.org https://gitorious.org/packagekit/packagekit/commit/d3d14631042237bcfe6fb30a60e59bb6d94af425
- gitorious.org https://gitorious.org/packagekit/packagekit/source/NEWS
Remediation
- bugs.freedesktop.org https://bugs.freedesktop.org/show_bug.cgi?id=61231