Opened 3 years ago

Closed 3 years ago

#11438 closed enhancement (fixed)

polkit-0.115

Reported by: DJ Lucas
Owned by: DJ Lucas
Priority: high
Milestone: 8.4
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

Version bump and security patch... Fixes CVE-2018-1116, a local information disclosure and denial of service caused by trusting client-submitted UIDs when referencing processes. Thanks to Matthias Gerstner of the SUSE security team for reporting this issue.

Change History (3)

comment:1 by DJ Lucas, 3 years ago

Owner: changed from blfs-book to DJ Lucas
Status: new → assigned

comment:2 by Douglas R. Reno, 3 years ago

https://access.redhat.com/security/cve/cve-2018-19788

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

I've genned a patch to fix this problem.

comment:3 by Douglas R. Reno, 3 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r20806
