Arbitrary Package Installation and Removal Vulnerability in Manjaro Linux

Arbitrary Package Installation and Removal Vulnerability in Manjaro Linux

CVE-2018-15912 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital to the system.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.