Univention Bugzilla – Full Text Bug Listing

| Summary: | policykit-1: Multiple issues (4.0) | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Arvid Requate <requate> |
| Component: | Security updates | Assignee: | Stefan Gohmann <gohmann> |
| Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
| Severity: | normal | | |
| Priority: | P5 | CC: | gohmann, walkenhorst |
| Version: | UCS 4.0 | | |
| Target Milestone: | UCS 4.0-3-errata | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | | Enterprise Customer affected?: | |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | | Bug group (optional): | Security |
| Max CVSS v3 score: | | | |

Description
Arvid Requate
2015-07-13 12:27:52 CEST
(In reply to Arvid Requate from comment #0)
> * Local privilege escalation in polkit before 0.113 due to predictable
> authentication session cookie values (CVE-2015-4625).

http://cgit.freedesktop.org/polkit/commit/?id=ea544ffc18405237ccd95d28d7f45afef49aca17
http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766
http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228

> * Various memory corruption vulnerabilities in polkit before 0.113 in the
> use of the JavaScript interpreter, possibly leading to local privilege
> escalation (CVE-2015-3256).

This is already fixed in the UCS 4.0 version.

> * Memory corruption vulnerability in polkit before 0.113 in handling
> duplicate action IDs, possibly leading to local privilege escalation
> (CVE-2015-3255).

http://cgit.freedesktop.org/polkit/commit/?id=9f5e0c731784003bd4d6fc75ab739ff8b2ea269f

> * Denial of service issue in polkit before 0.113 which allowed any local
> user to crash polkitd (CVE-2015-3218).

http://cgit.freedesktop.org/polkit/commit/?id=48e646918efb2bf0b3b505747655726d7869f31c

The patches have been backported. I had some problems with gio-unix-2.0 includes; since it is only for a temporary time, I've put it directly into Makefile:
r15196

YAML: 2015-08-28-policykit-1.yaml

My tests were successful.

* OK - patch CVE-2015-3218_2015-3255_2015-4625
* OK - built in errata4.0-3 with patch
* OK -

> > * Various memory corruption vulnerabilities in polkit before 0.113 in the
> > use of the JavaScript interpreter, possibly leading to local privilege
> > escalation (CVE-2015-3256).
>
> This is already fixed in the UCS 4.0 version.

* OK - polkitd works as expected (after restarting dbus!!)
* OK - YAML