Opened 7 years ago

Closed 6 years ago

Last modified 5 years ago

#8431 closed defect (fixed)

polkit (CVE-2016-2568) (wait for upstream)

Reported by: Samuel Owned by: blfs-book@…
Priority: normal Milestone: hold
Component: BOOK Version: SVN
Severity: normal Keywords:


A vulnerability has been found in polkit. It allows unprivileged users to gain root privileges through TIOCSTI ioctl. The last version of polkit is over a year old.

Change History (11)

comment:1 by Samuel, 7 years ago

Owner: changed from blfs-book@… to Samuel
Status: newassigned

comment:2 by bdubbs@…, 7 years ago

So what do we do about it? We are not going to remove it. We have to wait for upstream to fix it.

I do not think it is productive to create a ticket until we can do something about it.

comment:3 by Samuel, 7 years ago

Sorry. I am still new to this ticket system. Should I put it on hold?

comment:4 by Samuel, 7 years ago

Status: assignednew

comment:6 by Samuel, 7 years ago

Owner: changed from Samuel to blfs-book@…

comment:7 by bdubbs@…, 7 years ago

Milestone: 7.11hold
Priority: highnormal
Summary: polkit (CVE-2016-2568)polkit (CVE-2016-2568) (wait for upstream)

Wait for an upstream fix.

comment:8 by DJ Lucas, 6 years ago

Suggesting updating to git checkout. This also bumps to mozjs-24.2.0, so that we can remove mozjs17. Same build instructions apply. md5sum: 106bd2fa4f336dc25ad2934dbdaf893c sha256sum: bd0739bf7d69cfe8a2076e69f09198d1baffb6ee977882288b4b1eaa6cb1ea83

comment:9 by DJ Lucas, 6 years ago

Resolution: fixed
Status: newclosed

Fixed in r18565.

comment:10 by bdubbs@…, 6 years ago

Milestone: holdy-hold

Milestone renamed

comment:11 by Bruce Dubbs, 5 years ago

Milestone: y-holdhold

Milestone renamed

Note: See TracTickets for help on using tickets.