openSUSE-SU-2018:2021-1

Опубликовано: 19 июл. 2018

Источник: suse-cvrf

Описание

Security update for polkit

This update for polkit fixes the following issues:

CVE-2018-1116: Fixed trusting the client-supplied UID which could lead to a denial of service (too many dialogs) caused by local attackers (boo#1099031)

Список пакетов

openSUSE Leap 42.3

libpolkit0-0.113-14.3.1

libpolkit0-32bit-0.113-14.3.1

polkit-0.113-14.3.1

polkit-devel-0.113-14.3.1

polkit-doc-0.113-14.3.1

typelib-1_0-Polkit-1_0-0.113-14.3.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00029.html
E-Mail link for openSUSE-SU-2018:2021-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.

Затронутые продукты

openSUSE Leap 42.3:libpolkit0-0.113-14.3.1

openSUSE Leap 42.3:libpolkit0-32bit-0.113-14.3.1

openSUSE Leap 42.3:polkit-0.113-14.3.1

openSUSE Leap 42.3:polkit-devel-0.113-14.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-1116.html
CVE-2018-1116
https://bugzilla.suse.com/1099031
SUSE Bug 1099031

openSUSE-SU-2018:2021-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-1116

Описание

Затронутые продукты

Ссылки