Bugzilla – Bug 1218544
VUL-0: CVE-2024-0217: PackageKit: use-after-free in Idle function callback
Last modified: 2024-05-30 14:35:39 UTC
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.

References:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0217
- https://access.redhat.com/security/cve/CVE-2024-0217

SUSE-SU-2024:0966-1: An update that solves one vulnerability can now be installed.

- Category: security (moderate)
- Bug References: 1218544
- CVE References: CVE-2024-0217
- Maintenance Incident: [SUSE:Maintenance:32696](https://smelt.suse.de/incident/32696/)

Sources used:
- SUSE Linux Enterprise Software Development Kit 12 SP5 (src): PackageKit-1.1.3-24.18.1
- SUSE Linux Enterprise High Performance Computing 12 SP5 (src): PackageKit-1.1.3-24.18.1
- SUSE Linux Enterprise Server 12 SP5 (src): PackageKit-1.1.3-24.18.1
- SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): PackageKit-1.1.3-24.18.1
- SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): PackageKit-1.1.3-24.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2024:1046-1: An update that solves one vulnerability and has one security fix can now be installed.

- Category: security (moderate)
- Bug References: 1209138, 1218544
- CVE References: CVE-2024-0217
- Maintenance Incident: [SUSE:Maintenance:28490](https://smelt.suse.de/incident/28490/)

Sources used:
- openSUSE Leap 15.4 (src): PackageKit-1.2.4-150400.3.13.1
- openSUSE Leap 15.5 (src): PackageKit-1.2.4-150400.3.13.1
- Desktop Applications Module 15-SP5 (src): PackageKit-1.2.4-150400.3.13.1
- SUSE Linux Enterprise Workstation Extension 15 SP5 (src): PackageKit-1.2.4-150400.3.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-RU-2024:1202-1: An update that solves one vulnerability, contains two features and has three fixes can now be installed.

- Category: recommended (moderate)
- Bug References: 1175678, 1218171, 1218544, 1221525
- CVE References: CVE-2024-0217
- Jira References: OBS-301, PED-8014
- Maintenance Incident: [SUSE:Maintenance:33123](https://smelt.suse.de/incident/33123/)

Sources used:
- openSUSE Leap 15.3 (src): yast2-pkg-bindings-4.3.13-150300.3.8.21, libyui-ncurses-pkg-4.1.5-150300.3.10.19, libyui-qt-4.1.5-150300.3.10.5, libyui-bindings-4.1.5-150300.3.10.5, libyui-ncurses-4.1.5-150300.3.10.5, libyui-ncurses-rest-api-4.1.5-150300.3.10.5, libyui-qt-graph-4.1.5-150300.3.10.5, libyui-4.1.5-150300.3.10.5, libyui-qt-rest-api-4.1.5-150300.3.10.5, libyui-rest-api-4.1.5-150300.3.10.5, libyui-qt-pkg-4.1.5-150300.3.10.17
- SUSE Linux Enterprise Server 15 SP2 (src): libzypp-17.32.2-150200.92.3, yast2-pkg-bindings-4.2.17-150200.3.24.6, libyui-ncurses-pkg-2.50.8-150200.3.5.5, libyui-qt-pkg-2.47.5-150200.3.4.4
- SUSE Linux Enterprise Server 15 SP3 (src): libzypp-17.32.2-150200.92.3, libyui-qt-pkg-4.1.5-150300.3.10.17, libyui-ncurses-pkg-4.1.5-150300.3.10.19, yast2-pkg-bindings-4.3.13-150300.3.8.21
- SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): zypper-1.14.69-150200.73.7, libyui-ncurses-pkg-2.50.8-150200.3.5.5, libyui-qt-pkg-2.47.5-150200.3.4.4, yast2-pkg-bindings-4.2.17-150200.3.24.6, libyui-3.9.3-150200.3.2.6, PackageKit-1.1.13-150200.4.30.4, libzypp-17.32.2-150200.92.3, PackageKit-branding-SLE-12.0-150200.9.2.2, libyui-rest-api-0.3.0-150200.3.2.2
- SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): yast2-pkg-bindings-4.3.13-150300.3.8.21, libyui-ncurses-pkg-4.1.5-150300.3.10.19, libyui-qt-4.1.5-150300.3.10.5, zypper-1.14.69-150200.73.7, libyui-ncurses-4.1.5-150300.3.10.5, libyui-ncurses-rest-api-4.1.5-150300.3.10.5, PackageKit-1.1.13-150200.4.30.4, libyui-qt-graph-4.1.5-150300.3.10.5, libzypp-17.32.2-150200.92.3, libyui-4.1.5-150300.3.10.5, PackageKit-branding-SLE-12.0-150200.9.2.2, libyui-qt-rest-api-4.1.5-150300.3.10.5, libyui-rest-api-4.1.5-150300.3.10.5, libyui-qt-pkg-4.1.5-150300.3.10.17
- SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): zypper-1.14.69-150200.73.7, libyui-ncurses-pkg-2.50.8-150200.3.5.5, libyui-qt-pkg-2.47.5-150200.3.4.4, yast2-pkg-bindings-4.2.17-150200.3.24.6, libyui-3.9.3-150200.3.2.6, PackageKit-1.1.13-150200.4.30.4, libzypp-17.32.2-150200.92.3, PackageKit-branding-SLE-12.0-150200.9.2.2, libyui-rest-api-0.3.0-150200.3.2.2
- SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): yast2-pkg-bindings-4.3.13-150300.3.8.21, libyui-ncurses-pkg-4.1.5-150300.3.10.19, libyui-qt-4.1.5-150300.3.10.5, zypper-1.14.69-150200.73.7, libyui-ncurses-4.1.5-150300.3.10.5, libyui-ncurses-rest-api-4.1.5-150300.3.10.5, PackageKit-1.1.13-150200.4.30.4, libyui-qt-graph-4.1.5-150300.3.10.5, libzypp-17.32.2-150200.92.3, libyui-4.1.5-150300.3.10.5, PackageKit-branding-SLE-12.0-150200.9.2.2, libyui-qt-rest-api-4.1.5-150300.3.10.5, libyui-rest-api-4.1.5-150300.3.10.5, libyui-qt-pkg-4.1.5-150300.3.10.17
- SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): zypper-1.14.69-150200.73.7, libyui-ncurses-pkg-2.50.8-150200.3.5.5, libyui-qt-pkg-2.47.5-150200.3.4.4, yast2-pkg-bindings-4.2.17-150200.3.24.6, libyui-3.9.3-150200.3.2.6, PackageKit-1.1.13-150200.4.30.4, libzypp-17.32.2-150200.92.3, PackageKit-branding-SLE-12.0-150200.9.2.2, libyui-rest-api-0.3.0-150200.3.2.2
- SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): yast2-pkg-bindings-4.3.13-150300.3.8.21, libyui-ncurses-pkg-4.1.5-150300.3.10.19, libyui-qt-4.1.5-150300.3.10.5, zypper-1.14.69-150200.73.7, libyui-ncurses-4.1.5-150300.3.10.5, libyui-ncurses-rest-api-4.1.5-150300.3.10.5, PackageKit-1.1.13-150200.4.30.4, libyui-qt-graph-4.1.5-150300.3.10.5, libzypp-17.32.2-150200.92.3, libyui-4.1.5-150300.3.10.5, PackageKit-branding-SLE-12.0-150200.9.2.2, libyui-qt-rest-api-4.1.5-150300.3.10.5, libyui-rest-api-4.1.5-150300.3.10.5, libyui-qt-pkg-4.1.5-150300.3.10.17
- SUSE Enterprise Storage 7.1 (src): yast2-pkg-bindings-4.3.13-150300.3.8.21, libyui-ncurses-pkg-4.1.5-150300.3.10.19, libyui-qt-4.1.5-150300.3.10.5, zypper-1.14.69-150200.73.7, libyui-ncurses-4.1.5-150300.3.10.5, libyui-ncurses-rest-api-4.1.5-150300.3.10.5, PackageKit-1.1.13-150200.4.30.4, libyui-qt-graph-4.1.5-150300.3.10.5, libzypp-17.32.2-150200.92.3, libyui-4.1.5-150300.3.10.5, PackageKit-branding-SLE-12.0-150200.9.2.2, libyui-qt-rest-api-4.1.5-150300.3.10.5, libyui-rest-api-4.1.5-150300.3.10.5, libyui-qt-pkg-4.1.5-150300.3.10.17
- SUSE Linux Enterprise Micro 5.1 (src): libzypp-17.32.2-150200.92.3, zypper-1.14.69-150200.73.7
- SUSE Linux Enterprise Micro 5.2 (src): libzypp-17.32.2-150200.92.3, zypper-1.14.69-150200.73.7
- SUSE Linux Enterprise Micro for Rancher 5.2 (src): libzypp-17.32.2-150200.92.3, zypper-1.14.69-150200.73.7

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.