Univention Bugzilla – Bug 48599
policykit-1: Multiple issues (4.2)
Last modified: 2019-02-06 12:56:06 CET
New Debian policykit-1 0.105-15~deb8u4 fixes:

This update addresses the following issues:
* Improper handling of user with uid > INT_MAX leading to authentication bypass (CVE-2018-19788)
* Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133)
--- mirror/ftp/4.2/unmaintained/4.2-5/source/policykit-1_0.105-15~deb8u3.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/policykit-1_0.105-15~deb8u4.dsc @@ -1,3 +1,8 @@ +0.105-15~deb8u4 [Mon, 28 Jan 2019 13:14:18 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * CVE-2018-19788: authorization bypass for users with a high id + * CVE-2019-6133: authorization reuse due to insuficient uid checks. + 0.105-15~deb8u3 [Fri, 27 Jul 2018 19:00:41 +0530] Abhijith PA <abhijith@disroot.org>: * Non-maintainer upload by the Debian LTS Team. <http://10.200.17.11/4.2-5/#5696309691612377802>
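Review bot: the CVE-2019-6133 line of the added 0.105-15~deb8u4 entry misspells "insufficient" as "insuficient", and its summary ("authorization reuse due to insuficient uid checks") does not match the wording used for the same CVE in the errata description on this bug (PID reuse and non-atomic fork). If this changelog text is reused in the advisory, correct the spelling and settle on one description per CVE so the changelog and the erratum can be matched up. The new entry also lacks the "Non-maintainer upload by the Debian LTS Team." line that the 0.105-15~deb8u3 entry below it carries; worth confirming that the omission is intentional.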
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] b54aadd359 Bug #48599: policykit-1 0.105-15~deb8u4
 doc/errata/staging/policykit-1.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
<http://errata.software-univention.de/ucs/4.2/595.html>