🤣 不一定客观，不一定理性，个人数字泔水\(⁠◔⁠‿⁠◔⁠)✨ Thinking...https://okhk.pages.devhttps://okhk.pages.dev/posts/9522https://okhk.pages.dev/posts/9522Wed, 22 Apr 2026 13:14:23 GMT<i><b>🔴</b></i> <mark>PackageKit</mark> 本地提权漏洞；请尽快升级至 1.3.5。<br /><br />- 修复版本 1.3.5 在约两小时前发布。<br />- <mark>PackageKit</mark> 是许多包管理器的后端，在 Ubuntu、Debian、Fedora 等发行版上被广泛应用；最早受影响版本 1.0.2 版本在 12 年前发布。<br />- 鉴于以上情况，目前大部分正在运行的 Linux 系统都受此漏洞影响，建议系统管理员在更新版本于发行版发布后及时更新。<br /><br />CVSS: 8.8/10<br />Affect: [1.0.2, 1.3.4]<br /><br />- <a href="https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv" target="_blank">GHSA-f55j-vvr9-69xv</a><br />- <a href="https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html" target="_blank">github.security.telekom.com/~</a><br /><br />linksrc: <a href="https://t.me/bupt_moe/2712" target="_blank">https://t.me/bupt_moe/2712</a><br /><br /><a href="/search/result?q=%23Security">#Security</a> <a href="/search/result?q=%23PackageKit">#PackageKit</a><a href="https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv" target="_blank"> <div>GitHub</div> <img class="link_preview_image" alt="Race condition vulnerability leads to arbitrary package installation as root" src="/static/https://cdn4.telesco.pe/file/q56SYK9L2tfsMSioddBbnU2cHPtaHg7fEXRFlxkE9D22b6pRv-N9mvmRG9c-gbb0ckc50tVZv5vSH4a5gPXbdVmtiFQ-jDv9iAUQPkafoRJ3NcMBjkBkIulTIxleJjWAeTnPemnsLg2kDALh1Z8FCF2bvTznDCAueNhnlegBnJHJU401dU3AKM9tURie2KxQdAtUjlhvaVwW58YWd588-G3ZxWN5Jrvt1SHv4B7zcQrpWRuxItpO4xNRP_7IW2QD5kw1wI662d8xR4jump1a1SkO_fAt8pZ2kUWh0VAOjlJS93wxZWg1I5jr4p3xwH8LrO8N5j6xlKgVk8FB4QGSJg.jpg" width="1200" height="630" loading="eager" /> <div>Race condition vulnerability leads to arbitrary package installation as root</div> <div>This report explains a vulnerability within <mark>PackageKit</mark>, that allows unprivileged user installing packages as root and thus leads to a local privilege escalation. <br /> <br />All <mark>PackageKit</mark> versions between ...</div> </a>