PackageKit Signature Verification Security Bypass Vulnerability

PackageKit is prone to a signature-verification security-bypass vulnerability because of an error that occurs when verifying the GPG signature of a package.

An attacker may exploit this issue to lead a user into a false sense of security and cause the application to accept unsigned packages. Successful attacks may allow the attacker to execute arbitrary code on a vulnerable computer.


Privacy Statement
Copyright 2010, SecurityFocus