An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital to the system.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-08-29T19:00:00
Updated: 2024-08-05T10:10:05.136Z
Reserved: 2018-08-28T00:00:00
Link: CVE-2018-15912
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-08-29T19:29:00.967
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-15912
Redhat
No data.