Описание
Security update for polkit
polkit was updated to the 0.113 release, fixing security issues and bugs.
Security issues fixed:
- Fixes CVE-2015-4625, a local privilege escalation due to predictable authentication session cookie values. Thanks to Tavis Ormandy, Google Project Zero for reporting this issue. For the future, authentication agents are encouraged to use PolkitAgentSession instead of using the D-Bus agent response API directly. (bsc#935119)
- Fixes CVE-2015-3256, various memory corruption vulnerabilities in use of the JavaScript interpreter, possibly leading to local privilege escalation. (bsc#943816)
- Fixes CVE-2015-3255, a memory corruption vulnerability in handling duplicate action IDs, possibly leading to local privilege escalation. Thanks to Laurent Bigonville for reporting this issue. (bsc#939246)
- Fixes CVE-2015-3218, which allowed any local user to crash polkitd. Thanks to Tavis Ormandy, Google Project Zero, for reporting this issue. (bsc#933922)
Other issues fixed:
- On systemd-213 and later, the 'active' state is shared across all sessions of an user, instead of being tracked separately.
- pkexec, when not given a program to execute, runs the users shell by default.
- Fixed shutdown problems on powerpc64le (bsc#950114)
- polkit had a memory leak (bsc#912889)
Список пакетов
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Workstation Extension 12
Ссылки
- Link for SUSE-SU-2015:1838-1
- E-Mail link for SUSE-SU-2015:1838-1
- SUSE Security Ratings
- SUSE Bug 912889
- SUSE Bug 933922
- SUSE Bug 935119
- SUSE Bug 939246
- SUSE Bug 943816
- SUSE Bug 950114
- SUSE CVE CVE-2015-3218 page
- SUSE CVE CVE-2015-3255 page
- SUSE CVE CVE-2015-3256 page
- SUSE CVE CVE-2015-4625 page
Описание
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
Затронутые продукты
Ссылки
- CVE-2015-3218
- SUSE Bug 933922
- SUSE Bug 943816
Описание
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
Затронутые продукты
Ссылки
- CVE-2015-3255
- SUSE Bug 939246
- SUSE Bug 943816
Описание
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
Затронутые продукты
Ссылки
- CVE-2015-3256
- SUSE Bug 943816
Описание
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
Затронутые продукты
Ссылки
- CVE-2015-4625
- SUSE Bug 935119
- SUSE Bug 943816