Vulnerability Description
An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital to the system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Manjaro | Manjaro Linux | <= 20180716-1 |
Related Weaknesses (CWE)
References
- https://gitlab.manjaro.org/packages/core/manjaro-system/commit/8208b8aPatchThird Party Advisory
- https://lists.manjaro.org/pipermail/manjaro-security/2018-August/000785.htmlExploitMailing ListVendor Advisory
- https://gitlab.manjaro.org/packages/core/manjaro-system/commit/8208b8aPatchThird Party Advisory
- https://lists.manjaro.org/pipermail/manjaro-security/2018-August/000785.htmlExploitMailing ListVendor Advisory
FAQ
What is CVE-2018-15912?
CVE-2018-15912 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially contai...
How severe is CVE-2018-15912?
CVE-2018-15912 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-15912?
Check the references section above for vendor advisories and patch information. Affected products include: Manjaro Manjaro Linux.