Arch Linux Security Advisory ASA-202106-18 ========================================== Severity: Low Date : 2021-06-01 CVE-ID : CVE-2020-16121 Package : packagekit Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-1260 Summary ======= The package packagekit before version 1.2.3-1 is vulnerable to information disclosure. Resolution ========== Upgrade to 1.2.3-1. # pacman -Syu "packagekit>=1.2.3-1" The problem has been fixed upstream in version 1.2.3. Workaround ========== None. Description =========== The InstallFiles, GetFilesLocal and GetDetailsLocal methods of the DBus interface to PackageKit <= 1.1.13 access files before checking for authorization. This allows non-privileged users to learn the MIME type of any file on the system. Impact ====== A non-privileged local attacker could learn the MIME type of any file on the system. References ========== https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887 https://github.com/hughsie/PackageKit/commit/d5e8c59745bf7c521c6f311e6b22b4b67a8b828f https://security.archlinux.org/CVE-2020-16121