SCIENTIFIC-LINUX-ERRATA Archives

September 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: polkit on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Thu, 19 Sep 2013 19:26:09 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (38 lines) 
Synopsis:          Important: polkit security update
Advisory ID:       SLSA-2013:1270-1
Issue Date:        2013-09-19
CVE Numbers:       CVE-2013-4288
--

A race condition was found in the way the PolicyKit pkcheck utility
checked process authorization when the process was specified by its
process ID via the --process option. A local user could use this flaw to
bypass intended PolicyKit authorizations and escalate their privileges.
(CVE-2013-4288)

Note: Applications that invoke pkcheck with the --process option need to
be modified to use the pid,pid-start-time,uid argument for that option, to
allow pkcheck to check process authorization correctly.

The system must be rebooted for this update to take effect.
--

SL6
  x86_64
    polkit-0.96-5.el6_4.i686.rpm
    polkit-0.96-5.el6_4.x86_64.rpm
    polkit-debuginfo-0.96-5.el6_4.i686.rpm
    polkit-debuginfo-0.96-5.el6_4.x86_64.rpm
    polkit-devel-0.96-5.el6_4.i686.rpm
    polkit-devel-0.96-5.el6_4.x86_64.rpm
    polkit-docs-0.96-5.el6_4.x86_64.rpm
  i386
    polkit-0.96-5.el6_4.i686.rpm
    polkit-debuginfo-0.96-5.el6_4.i686.rpm
    polkit-devel-0.96-5.el6_4.i686.rpm
    polkit-docs-0.96-5.el6_4.i686.rpm
  noarch
    polkit-desktop-policy-0.96-5.el6_4.noarch.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2