Описание
Security update for polkit
This update for polkit fixes the following issues:
- CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. (bsc#1246472)
Список пакетов
SUSE Enterprise Storage 7.1
libpolkit0-0.116-150200.3.15.1
polkit-0.116-150200.3.15.1
polkit-devel-0.116-150200.3.15.1
typelib-1_0-Polkit-1_0-0.116-150200.3.15.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libpolkit0-0.116-150200.3.15.1
polkit-0.116-150200.3.15.1
polkit-devel-0.116-150200.3.15.1
typelib-1_0-Polkit-1_0-0.116-150200.3.15.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libpolkit0-0.116-150200.3.15.1
polkit-0.116-150200.3.15.1
polkit-devel-0.116-150200.3.15.1
typelib-1_0-Polkit-1_0-0.116-150200.3.15.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libpolkit0-0.116-150200.3.15.1
polkit-0.116-150200.3.15.1
polkit-devel-0.116-150200.3.15.1
typelib-1_0-Polkit-1_0-0.116-150200.3.15.1
SUSE Linux Enterprise Micro 5.1
libpolkit0-0.116-150200.3.15.1
polkit-0.116-150200.3.15.1
SUSE Linux Enterprise Micro 5.2
libpolkit0-0.116-150200.3.15.1
polkit-0.116-150200.3.15.1
SUSE Linux Enterprise Micro 5.3
libpolkit0-0.116-150200.3.15.1
polkit-0.116-150200.3.15.1
SUSE Linux Enterprise Micro 5.4
libpolkit0-0.116-150200.3.15.1
polkit-0.116-150200.3.15.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libpolkit0-0.116-150200.3.15.1
polkit-0.116-150200.3.15.1
polkit-devel-0.116-150200.3.15.1
typelib-1_0-Polkit-1_0-0.116-150200.3.15.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libpolkit0-0.116-150200.3.15.1
polkit-0.116-150200.3.15.1
polkit-devel-0.116-150200.3.15.1
typelib-1_0-Polkit-1_0-0.116-150200.3.15.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libpolkit0-0.116-150200.3.15.1
polkit-0.116-150200.3.15.1
polkit-devel-0.116-150200.3.15.1
typelib-1_0-Polkit-1_0-0.116-150200.3.15.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libpolkit0-0.116-150200.3.15.1
polkit-0.116-150200.3.15.1
polkit-devel-0.116-150200.3.15.1
typelib-1_0-Polkit-1_0-0.116-150200.3.15.1
SUSE Manager Proxy 4.3
libpolkit0-0.116-150200.3.15.1
polkit-0.116-150200.3.15.1
polkit-devel-0.116-150200.3.15.1
typelib-1_0-Polkit-1_0-0.116-150200.3.15.1
SUSE Manager Server 4.3
libpolkit0-0.116-150200.3.15.1
polkit-0.116-150200.3.15.1
polkit-devel-0.116-150200.3.15.1
typelib-1_0-Polkit-1_0-0.116-150200.3.15.1
Ссылки
- Link for SUSE-SU-2025:02528-1
- E-Mail link for SUSE-SU-2025:02528-1
- SUSE Security Ratings
- SUSE Bug 1246472
- SUSE CVE CVE-2025-7519 page
Описание
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.
Затронутые продукты
SUSE Enterprise Storage 7.1:libpolkit0-0.116-150200.3.15.1
SUSE Enterprise Storage 7.1:polkit-0.116-150200.3.15.1
SUSE Enterprise Storage 7.1:polkit-devel-0.116-150200.3.15.1
SUSE Enterprise Storage 7.1:typelib-1_0-Polkit-1_0-0.116-150200.3.15.1
Ссылки
- CVE-2025-7519
- SUSE Bug 1246472