Synopsis:          Important: polkit security update
Advisory ID:       SLSA-2013:1270-1
Issue Date:        2013-09-19
CVE Numbers:       CVE-2013-4288
--

A race condition was found in the way the PolicyKit pkcheck utility
checked process authorization when the process was specified by its
process ID via the --process option. A local user could use this flaw to
bypass intended PolicyKit authorizations and escalate their privileges.
(CVE-2013-4288)

Note: Applications that invoke pkcheck with the --process option need to
be modified to use the pid,pid-start-time,uid argument for that option, to
allow pkcheck to check process authorization correctly.

The system must be rebooted for this update to take effect.
--

SL6
  x86_64
    polkit-0.96-5.el6_4.i686.rpm
    polkit-0.96-5.el6_4.x86_64.rpm
    polkit-debuginfo-0.96-5.el6_4.i686.rpm
    polkit-debuginfo-0.96-5.el6_4.x86_64.rpm
    polkit-devel-0.96-5.el6_4.i686.rpm
    polkit-devel-0.96-5.el6_4.x86_64.rpm
    polkit-docs-0.96-5.el6_4.x86_64.rpm
  i386
    polkit-0.96-5.el6_4.i686.rpm
    polkit-debuginfo-0.96-5.el6_4.i686.rpm
    polkit-devel-0.96-5.el6_4.i686.rpm
    polkit-docs-0.96-5.el6_4.i686.rpm
  noarch
    polkit-desktop-policy-0.96-5.el6_4.noarch.rpm

- Scientific Linux Development Team