Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2013-1273

Опубликовано: 19 сент. 2013
Источник: oracle-oval
Платформа: Oracle Linux 6

Описание

ELSA-2013-1273: spice-gtk security update (IMPORTANT)

[0.14-7.3]

  • New build with correct patch for CVE-2013-4324

[0.14-7.2]

  • Fix race condition in policykit use (CVE-2013-4324) Resolves: CVE-2013-4324

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

spice-glib

0.14-7.el6_4.3

spice-glib-devel

0.14-7.el6_4.3

spice-gtk

0.14-7.el6_4.3

spice-gtk-devel

0.14-7.el6_4.3

spice-gtk-python

0.14-7.el6_4.3

spice-gtk-tools

0.14-7.el6_4.3

Oracle Linux i686

spice-glib

0.14-7.el6_4.3

spice-glib-devel

0.14-7.el6_4.3

spice-gtk

0.14-7.el6_4.3

spice-gtk-devel

0.14-7.el6_4.3

spice-gtk-python

0.14-7.el6_4.3

spice-gtk-tools

0.14-7.el6_4.3

Связанные CVE

CVE-2013-4324

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2013-4324

ubuntu
почти 12 лет назад

spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

redhat логотип

CVE-2013-4324

redhat
почти 12 лет назад

spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

nvd логотип

CVE-2013-4324

nvd
почти 12 лет назад

spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

debian логотип

CVE-2013-4324

debian
почти 12 лет назад

spice-gtk 0.14, and possibly other versions, invokes the polkit author ...

github логотип

GHSA-4qg9-qqgj-hw85

github
больше 3 лет назад

spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.