Описание
Security update for polkit
This update for polkit fixes the following issues:
- CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497).
Список пакетов
SUSE Enterprise Storage 6
libpolkit0-0.114-3.12.1
polkit-0.114-3.12.1
polkit-devel-0.114-3.12.1
typelib-1_0-Polkit-1_0-0.114-3.12.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
libpolkit0-0.114-3.12.1
polkit-0.114-3.12.1
polkit-devel-0.114-3.12.1
typelib-1_0-Polkit-1_0-0.114-3.12.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
libpolkit0-0.114-3.12.1
polkit-0.114-3.12.1
polkit-devel-0.114-3.12.1
typelib-1_0-Polkit-1_0-0.114-3.12.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libpolkit0-0.114-3.12.1
polkit-0.114-3.12.1
polkit-devel-0.114-3.12.1
typelib-1_0-Polkit-1_0-0.114-3.12.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libpolkit0-0.114-3.12.1
polkit-0.114-3.12.1
polkit-devel-0.114-3.12.1
typelib-1_0-Polkit-1_0-0.114-3.12.1
SUSE Linux Enterprise Server 15 SP1-BCL
libpolkit0-0.114-3.12.1
polkit-0.114-3.12.1
polkit-devel-0.114-3.12.1
typelib-1_0-Polkit-1_0-0.114-3.12.1
SUSE Linux Enterprise Server 15 SP1-LTSS
libpolkit0-0.114-3.12.1
polkit-0.114-3.12.1
polkit-devel-0.114-3.12.1
typelib-1_0-Polkit-1_0-0.114-3.12.1
SUSE Linux Enterprise Server 15-LTSS
libpolkit0-0.114-3.12.1
polkit-0.114-3.12.1
polkit-devel-0.114-3.12.1
typelib-1_0-Polkit-1_0-0.114-3.12.1
SUSE Linux Enterprise Server for SAP Applications 15
libpolkit0-0.114-3.12.1
polkit-0.114-3.12.1
polkit-devel-0.114-3.12.1
typelib-1_0-Polkit-1_0-0.114-3.12.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libpolkit0-0.114-3.12.1
polkit-0.114-3.12.1
polkit-devel-0.114-3.12.1
typelib-1_0-Polkit-1_0-0.114-3.12.1
SUSE Manager Proxy 4.0
libpolkit0-0.114-3.12.1
polkit-0.114-3.12.1
polkit-devel-0.114-3.12.1
typelib-1_0-Polkit-1_0-0.114-3.12.1
SUSE Manager Retail Branch Server 4.0
libpolkit0-0.114-3.12.1
polkit-0.114-3.12.1
polkit-devel-0.114-3.12.1
typelib-1_0-Polkit-1_0-0.114-3.12.1
SUSE Manager Server 4.0
libpolkit0-0.114-3.12.1
polkit-0.114-3.12.1
polkit-devel-0.114-3.12.1
typelib-1_0-Polkit-1_0-0.114-3.12.1
Ссылки
- Link for SUSE-SU-2021:1844-1
- E-Mail link for SUSE-SU-2021:1844-1
- SUSE Security Ratings
- SUSE Bug 1186497
- SUSE CVE CVE-2021-3560 page
Описание
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые продукты
SUSE Enterprise Storage 6:libpolkit0-0.114-3.12.1
SUSE Enterprise Storage 6:polkit-0.114-3.12.1
SUSE Enterprise Storage 6:polkit-devel-0.114-3.12.1
SUSE Enterprise Storage 6:typelib-1_0-Polkit-1_0-0.114-3.12.1
Ссылки
- CVE-2021-3560
- SUSE Bug 1186497