David Walser <luigiwalser@...> writes: > OpenSuSE issued an advisory for PackageKit, because when systems were configured to allow regular users > to install security updates, they also had the ability to install *older* updates than the newest, > reintroducing security issues into the system. > > Does PackageKit in Mageia, or even our own rpmdrake tool which can be configured to allow users to install > updates, have an issue with this? > > References: > http://lists.opensuse.org/opensuse-updates/2013-03/msg00006.html > https://bugzilla.novell.com/show_bug.cgi?id=804983 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1764
It doesn't appear to me that our tools will let regular users install older package versions. As for PackageKit, I have no idea. Could someone lend some insight on this?
