Robin Broda

**Name of the Vulnerable Software and Affected Versions** manjaro-system version 20180716-1 **Description** A local attacker can exploit an issue in the manjaro-update-system.sh script to install or remove arbitrary packages and package repositories. These repositories can contain hooks with arbitrary code that will automatically be run as root. Additionally, an attacker can remove vital system packages. **Recommendations** For manjaro-system version 20180716-1, consider restricting access to the package management system to prevent unauthorized installation or removal of packages until a fix is available. As a temporary workaround, monitor system package changes closely to detect and mitigate potential attacks.