Context Navigation

← Previous Ticket
Next Ticket →

#11438 closed enhancement (fixed)

polkit-0.115

Reported by:	DJ Lucas	Owned by:	DJ Lucas
Priority:	high	Milestone:	8.4
Component:	BOOK	Version:	SVN
Severity:	normal	Keywords:
Cc:

Description

Version bump and security patch... Fixes CVE-2018-1116, a local information disclosure and denial of service caused by trusting client-submitted UIDs when referencing processes. Thanks to Matthias Gerstner of the SUSE security team for reporting this issue.

Change History (3)

comment:1 by DJ Lucas, 5 years ago

Owner:	changed from blfs-book to DJ Lucas
Status:	new → assigned

comment:2 by Douglas R. Reno, 5 years ago

https://access.redhat.com/security/cve/cve-2018-19788

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

I've genned a patch to fix this problem.

comment:3 by Douglas R. Reno, 5 years ago

Resolution:	→ fixed
Status:	assigned → closed

Fixed at r20806

Note: See TracTickets for help on using tickets.

Download in other formats: