Univention Bugzilla – Bug 47532
policykit-1: Multiple issues (4.2)
Last modified: 2018-08-15 16:20:13 CEST
New Debian policykit-1 0.105-15~deb8u3 fixes: This update addresses the following issue(s): * CVE_2016-2568 is open * A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure. (CVE-2018-1116) 0.105-15~deb8u3 (Fri, 27 Jul 2018 19:00:41 +0530) * Non-maintainer upload by the Debian LTS Team. * Fix CVE-2018-1116: polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users which result in local DoS. * d/libpolkit-gobject-1-0.symbols: Update for new ABI * CVE-2018-1116 polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd (CVE-2018-1116)
--- mirror/ftp/4.2/unmaintained/4.2-0/source/policykit-1_0.105-15~deb8u2.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/policykit-1_0.105-15~deb8u3.dsc @@ -1,3 +1,12 @@ +0.105-15~deb8u3 [Fri, 27 Jul 2018 19:00:41 +0530] Abhijith PA <abhijith@disroot.org>: + + * Non-maintainer upload by the Debian LTS Team. + * Fix CVE-2018-1116: polkit_backend_interactive_authority_check_authorization + function in polkitd allows to test for authentication and trigger + authentication of unrelated processes owned by other users which result + in local DoS. (Closes: #903563) + * d/libpolkit-gobject-1-0.symbols: Update for new ABI + 0.105-15~deb8u2 [Tue, 06 Sep 2016 17:53:11 +0200] Michael Biebl <biebl@debian.org>: * Disable 0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch <http://10.200.17.11/4.2-4/#5696309691613460327>
OK: yaml OK: errata-announce OK: patch OK: piuparts [4.2-4] 2c0e6abf2b Bug #47532: policykit-1 0.105-15~deb8u3 doc/errata/staging/policykit-1.yaml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) [4.2-4] 52db3b9a50 Bug #47532: policykit-1 0.105-15~deb8u3 doc/errata/staging/policykit-1.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)
<http://errata.software-univention.de/ucs/4.2/474.html>