GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Tue Nov 15, 2016 9:26 am Post subject: [ GLSA 201611-07 ] polkit
Gentoo Linux Security Advisory
Title: polkit: Heap-corruption on duplicate IDs (GLSA 201611-07)
Severity: normal
Exploitable: local
Date: November 15, 2016
Bug(s): #555666
ID: 201611-07
Synopsis
polkit is vulnerable to local privilege escalation.
Background
polkit is a toolkit for managing policies relating to unprivileged
processes communicating with privileged processes.
Affected Packages
Package: sys-auth/polkit
Vulnerable: < 0.113
Unaffected: >= 0.113
Architectures: All supported architectures
Description
A vulnerability was discovered in polkit’s
polkit_backend_action_pool_init function due to duplicate action IDs in
action descriptions.
Impact
Local attackers are able to gain unauthorized privileges on the system.
Workaround
There is no known workaround at this time.
Resolution
All polkit users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.113"
References
CVE-2015-3255
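The Description above attributes the flaw to duplicate action IDs in action descriptions. The following Python script is an added example, not part of the advisory or of polkit itself: it lists action IDs that are declared more than once across installed .policy files. It assumes the usual /usr/share/polkit-1/actions directory, and the function names are illustrative.

```python
import sys
import tempfile
import xml.etree.ElementTree as ET
from collections import defaultdict
from pathlib import Path

# Assumed default: the usual polkit action directory. Pass another path as argv[1].
DEFAULT_ACTION_DIR = "/usr/share/polkit-1/actions"


def find_duplicate_action_ids(action_dir):
    """Return ({action_id: [files declaring it]}, [unparsable files])."""
    seen = defaultdict(list)
    unparsable = []
    for policy in sorted(Path(action_dir).glob("*.policy")):
        try:
            root = ET.parse(policy).getroot()
        except ET.ParseError:
            # Report malformed files instead of silently skipping them.
            unparsable.append(policy.name)
            continue
        for action in root.iter("action"):
            action_id = action.get("id")
            if action_id:
                seen[action_id].append(policy.name)
    # An ID counts as duplicated whether it repeats in one file or across files.
    dups = {aid: files for aid, files in seen.items() if len(files) > 1}
    return dups, unparsable


def demo():
    """Run the check over constructed sample policy files (not real ones)."""
    tmpl = '<policyconfig><action id="{0}"/><action id="{1}"/></policyconfig>'
    with tempfile.TemporaryDirectory() as d:
        Path(d, "a.policy").write_text(tmpl.format("org.example.one", "org.example.two"))
        Path(d, "b.policy").write_text(tmpl.format("org.example.two", "org.example.three"))
        Path(d, "broken.policy").write_text("<policyconfig><action id=")
        return find_duplicate_action_ids(d)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_ACTION_DIR
    dups, bad = find_duplicate_action_ids(target)
    for aid, files in sorted(dups.items()):
        print(f"duplicate action id {aid}: {', '.join(files)}")
    for name in bad:
        print(f"could not parse {name}", file=sys.stderr)
    sys.exit(1 if dups else 0)
```

The script exits non-zero when any duplicate is found, so it can be run from a periodic audit job; it only reports, and the upgrade in the Resolution section remains the fix.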