From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2013-March/023323.html | 84 +++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 zarb-ml/mageia-dev/2013-March/023323.html (limited to 'zarb-ml/mageia-dev/2013-March/023323.html') diff --git a/zarb-ml/mageia-dev/2013-March/023323.html b/zarb-ml/mageia-dev/2013-March/023323.html new file mode 100644 index 000000000..ba6d83730 --- /dev/null +++ b/zarb-ml/mageia-dev/2013-March/023323.html @@ -0,0 +1,84 @@ + + + + [Mageia-dev] Regular users installing updates through packagekit or rpmdrake + + + + + + + + + +

[Mageia-dev] Regular users installing updates through packagekit or rpmdrake

+ David Walser + luigiwalser at yahoo.com +
+ Wed Mar 6 17:27:06 CET 2013 +

+
+ +
David Walser <luigiwalser at ...> writes:
+> OpenSuSE issued an advisory for PackageKit, because when systems were
+configured to allow regular users
+> to install security updates, they also had the ability to install *older*
+updates than the newest,
+> reintroducing security issues into the system.
+> 
+> Does PackageKit in Mageia, or even our own rpmdrake tool which can be
+configured to allow users to install
+> updates, have an issue with this?
+> 
+> References:
+> http://lists.opensuse.org/opensuse-updates/2013-03/msg00006.html
+> https://bugzilla.novell.com/show_bug.cgi?id=804983
+> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1764
+
+It doesn't appear to me that our tools will let regular users install older
+package versions.
+
+As for PackageKit, I have no idea.  Could someone lend some insight on this?
+
+
+ + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1