CVE-2013-1764

NONE EPSS 30.1%
Published Apr 16, 201412y ago · Modified Jun 16, 20262w ago
Find Similar
Published Apr 16, 2014 12y ago
Last Modified Jun 16, 2026 2w ago

Description

The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.

Threat Intelligence

EPSS Exploit Probability
30.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-264

Affected Products 7

VendorProductVersionRange
packagekit_projectpackagekit* ≤0.8.7
packagekit_projectpackagekit0.8.1any
packagekit_projectpackagekit0.8.2any
packagekit_projectpackagekit0.8.3any
packagekit_projectpackagekit0.8.4any
packagekit_projectpackagekit0.8.5any
packagekit_projectpackagekit0.8.6any

References 6

  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html
  • openwall.com http://www.openwall.com/lists/oss-security/2013/02/25/20
  • bugs.freedesktop.org https://bugs.freedesktop.org/show_bug.cgi?id=61231
    Patch
  • bugzilla.novell.com https://bugzilla.novell.com/show_bug.cgi?id=804983
  • gitorious.org https://gitorious.org/packagekit/packagekit/commit/d3d14631042237bcfe6fb30a60e59bb6d94af425
  • gitorious.org https://gitorious.org/packagekit/packagekit/source/NEWS
    Vendor Advisory

Remediation