Description
Security update for polkit
This update for polkit fixes the following issues:
- CVE-2025-7519: Fixed an out-of-bounds write that may be triggered by an XML policy file with a large number of nested elements. (bsc#1246472)
Package list
SUSE Linux Enterprise Server 12 SP5-LTSS
libpolkit0-0.113-5.30.1
polkit-0.113-5.30.1
polkit-devel-0.113-5.30.1
typelib-1_0-Polkit-1_0-0.113-5.30.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libpolkit0-0.113-5.30.1
polkit-0.113-5.30.1
polkit-devel-0.113-5.30.1
typelib-1_0-Polkit-1_0-0.113-5.30.1
References
- Link for SUSE-SU-2025:02525-1
- E-Mail link for SUSE-SU-2025:02525-1
- SUSE Security Ratings
- SUSE Bug 1246472
- SUSE CVE CVE-2025-7519 page
Description
A flaw was found in polkit. When processing an XML policy file whose elements are nested 32 or more levels deep, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution cannot be ruled out. Exploiting this flaw requires a high-privilege account, because the malicious policy file has to be placed properly.
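One way to audit a host for policy files that meet the condition described above (an added example, not part of the SUSE advisory or of polkit): the script measures element nesting depth in each `.policy` file and flags any at 32 or deeper, along with files that fail to parse. The directory `/usr/share/polkit-1/actions` and the convention of counting the root element as depth 1 are assumptions.

```python
import sys
import xml.parsers.expat
from pathlib import Path

DEPTH_LIMIT = 32  # nesting depth named in the advisory text
POLICY_DIR = "/usr/share/polkit-1/actions"  # assumed location of *.policy files


def max_nesting_depth(data: bytes) -> int:
    """Return the deepest element nesting level (root element = 1, assumed)."""
    depth = deepest = 0

    def start(_name, _attrs):
        nonlocal depth, deepest
        depth += 1
        deepest = max(deepest, depth)

    def end(_name):
        nonlocal depth
        depth -= 1

    # expat streams the document and does not fetch the external DTD
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(data, True)
    return deepest


def audit_policy_dir(directory: str, limit: int = DEPTH_LIMIT):
    """Yield (path, depth or None, verdict) for every *.policy file found."""
    for path in sorted(Path(directory).glob("*.policy")):
        try:
            depth = max_nesting_depth(path.read_bytes())
        except (OSError, xml.parsers.expat.ExpatError) as exc:
            # A file that cannot be parsed is reported rather than skipped
            yield path, None, f"unreadable or malformed: {exc}"
            continue
        yield path, depth, "SUSPICIOUS" if depth >= limit else "ok"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else POLICY_DIR
    flagged = 0
    for path, depth, verdict in audit_policy_dir(target):
        if verdict != "ok":
            flagged += 1
            print(f"{path}: depth={depth} {verdict}")
    sys.exit(1 if flagged else 0)
```

The script exits non-zero when any file is flagged, so it can run from a scheduled job or a configuration-management check on hosts that have not yet received the fixed packages.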
Affected products
SUSE Linux Enterprise Server 12 SP5-LTSS:libpolkit0-0.113-5.30.1
SUSE Linux Enterprise Server 12 SP5-LTSS:polkit-0.113-5.30.1
SUSE Linux Enterprise Server 12 SP5-LTSS:polkit-devel-0.113-5.30.1
SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Polkit-1_0-0.113-5.30.1
References
- CVE-2025-7519
- SUSE Bug 1246472