Fedora 15 : PackageKit-0.6.15-2.fc15 (2011-8943)

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

- Upstream yum recently changed the behaviour when
checking signatures on a package. The commit added a new
configuration key which only affects local packages, but
the key was set by default to False.

- This meant that an end user could install a local
unsigned rpm package using PackageKit without a GPG
trust check, and the user would be told the untrusted
package is itself trusted.

- To exploit this low-impact vulnerability, a user would
have to manually download an unsigned package file and
would still be required to authenticate to install the
package.

- The CVE-ID for this bug is CVE-2011-2515.

- See https://bugzilla.redhat.com/show_bug.cgi?id=717566
for details.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=717566
https://bugzilla.redhat.com/show_bug.cgi?id=718127
http://www.nessus.org/u?20d2bb50

Solution :

Update the affected PackageKit package.

Risk factor :

Low / CVSS Base Score : 1.5
(CVSS2#AV:L/AC:M/Au:S/C:N/I:P/A:N)

Family: Fedora Local Security Checks

Nessus Plugin ID: 55500

CVE ID: CVE-2011-2515
