Univention Bugzilla – Bug 38909
policykit-1: Multiple issues (4.0)
Last modified: 2015-09-02 12:57:49 CEST
* Local privilege escalation in polkit before 0.113 due to predictable authentication session cookie values (CVE-2015-4625).
* Various memory corruption vulnerabilities in polkit before 0.113 in the use of the JavaScript interpreter, possibly leading to local privilege escalation (CVE-2015-3256).
* Memory corruption vulnerability in polkit before 0.113 in handling duplicate action IDs, possibly leading to local privilege escalation (CVE-2015-3255).
* Denial of service issue in polkit before 0.113 which allowed any local user to crash polkitd (CVE-2015-3218).
(In reply to Arvid Requate from comment #0)
> * Local privilege escalation in polkit before 0.113 due to predictable
> authentication session cookie values (CVE-2015-4625).

http://cgit.freedesktop.org/polkit/commit/?id=ea544ffc18405237ccd95d28d7f45afef49aca17
http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766
http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228

> * Various memory corruption vulnerabilities in polkit before 0.113 in the
> use of the JavaScript interpreter, possibly leading to local privilege
> escalation (CVE-2015-3256).

This is already fixed in the UCS 4.0 version.

> * Memory corruption vulnerability in polkit before 0.113 in handling
> duplicate action IDs, possibly leading to local privilege escalation
> (CVE-2015-3255).

http://cgit.freedesktop.org/polkit/commit/?id=9f5e0c731784003bd4d6fc75ab739ff8b2ea269f

> * Denial of service issue in polkit before 0.113 which allowed any local
> user to crash polkitd (CVE-2015-3218).

http://cgit.freedesktop.org/polkit/commit/?id=48e646918efb2bf0b3b505747655726d7869f31c
The patches have been backported. I had some problems with the gio-unix-2.0 includes. Since it is only for a temporary time, I've put it directly into the Makefile:
r15196
YAML: 2015-08-28-policykit-1.yaml
My tests were successful.
* OK - patch CVE-2015-3218_2015-3255_2015-4625
* OK - built in errata4.0-3 with patch
* OK -
> > * Various memory corruption vulnerabilities in polkit before 0.113 in the
> > use of the JavaScript interpreter, possibly leading to local privilege
> > escalation (CVE-2015-3256).
>
> This is already fixed in the UCS 4.0 version.
* OK - polkitd works as expected (after restarting dbus!!)
* OK - YAML
<http://errata.univention.de/ucs/4.0/299.html>