<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>PackageKit | OKHK 👀</title><description>个人数字泔水\(⁠◔⁠‿⁠◔⁠)✨ Thinking...</description><link>https://tg.okhk.net</link><item><title>🔴 PackageKit 本地提权漏洞；请尽快升级至 1.3.5</title><link>https://tg.okhk.net/posts/9522</link><guid isPermaLink="true">https://tg.okhk.net/posts/9522</guid><pubDate>Wed, 22 Apr 2026 13:14:23 GMT</pubDate><content:encoded>&lt;i&gt;&lt;b&gt;🔴&lt;/b&gt;&lt;/i&gt; &lt;mark&gt;PackageKit&lt;/mark&gt; 本地提权漏洞；请尽快升级至 1.3.5。&lt;br /&gt;&lt;br /&gt;- 修复版本 1.3.5 在约两小时前发布。&lt;br /&gt;- &lt;mark&gt;PackageKit&lt;/mark&gt; 是许多包管理器的后端，在 Ubuntu、Debian、Fedora 等发行版上被广泛应用；最早受影响版本 1.0.2 版本在 12 年前发布。&lt;br /&gt;- 鉴于以上情况，目前大部分正在运行的 Linux 系统都受此漏洞影响，建议系统管理员在更新版本于发行版发布后及时更新。&lt;br /&gt;&lt;br /&gt;CVSS: 8.8/10&lt;br /&gt;Affect: [1.0.2, 1.3.4]&lt;br /&gt;&lt;br /&gt;- &lt;a href=&quot;https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv&quot; target=&quot;_blank&quot;&gt;GHSA-f55j-vvr9-69xv&lt;/a&gt;&lt;br /&gt;- &lt;a href=&quot;https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html&quot; target=&quot;_blank&quot;&gt;github.security.telekom.com/~&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;linksrc: &lt;a href=&quot;https://t.me/bupt_moe/2712&quot; target=&quot;_blank&quot;&gt;https://t.me/bupt_moe/2712&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;&lt;a href=&quot;/search/result?q=%23Security&quot;&gt;#Security&lt;/a&gt; &lt;a href=&quot;/search/result?q=%23PackageKit&quot;&gt;#PackageKit&lt;/a&gt;&lt;a href=&quot;https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv&quot; target=&quot;_blank&quot;&gt;
  
  &lt;div&gt;GitHub&lt;/div&gt;
  &lt;img class=&quot;link_preview_image&quot; alt=&quot;Race condition vulnerability leads to arbitrary package installation as root&quot; src=&quot;/static/https://cdn4.telesco.pe/file/eUR0d7Qz79BmVkWNywxUoAHgGoOJrSXkswyCoN2QgXXXRgE6sVcUk47ugp3wnq_CCHqIIKI59ZvxbqCvNr5nAL08XYKGYhTEPJpdxnyuD8Lqud2NRWdLVvR2VkD-zQShpMU3Jh-d1l2HsmZrc-zI6xa0kmC67np4ndt_1h9eOQAe0DgyvAgodmOZaW6Gdu6XJkDf2ocu7EUxmCk-jOfD2yiVED6MVzNVrbPnIIPfJumpE1svoRK0_LuYaiIM20GZEEKqFLFCp0edUMsssNrQFnGBwTgjv6hmvPFmlizCmTkIHy2Ih_6BYBJvbQWngjr8SMgVqzxB6P3v_hyZ5391zw.jpg&quot; width=&quot;1200&quot; height=&quot;630&quot; loading=&quot;eager&quot; /&gt;
  &lt;div&gt;Race condition vulnerability leads to arbitrary package installation as root&lt;/div&gt;
  &lt;div&gt;This report explains a vulnerability within &lt;mark&gt;PackageKit&lt;/mark&gt;, that allows unprivileged user installing packages as root and thus leads to a local privilege escalation. &lt;br /&gt; &lt;br /&gt;All &lt;mark&gt;PackageKit&lt;/mark&gt; versions between ...&lt;/div&gt;
&lt;/a&gt;</content:encoded></item></channel></rss>