openSUSE-SU-2018:2284-1

Опубликовано: 09 авг. 2018

Источник: suse-cvrf

Описание

Security update for polkit

This update for polkit fixes the following issues:

Security issue fixed:

CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization (bsc#1099031).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

libpolkit0-0.114-lp150.2.3.1

libpolkit0-32bit-0.114-lp150.2.3.1

polkit-0.114-lp150.2.3.1

polkit-devel-0.114-lp150.2.3.1

polkit-doc-0.114-lp150.2.3.1

typelib-1_0-Polkit-1_0-0.114-lp150.2.3.1

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00030.html
E-Mail link for openSUSE-SU-2018:2284-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.

Затронутые продукты

openSUSE Leap 15.0:libpolkit0-0.114-lp150.2.3.1

openSUSE Leap 15.0:libpolkit0-32bit-0.114-lp150.2.3.1

openSUSE Leap 15.0:polkit-0.114-lp150.2.3.1

openSUSE Leap 15.0:polkit-devel-0.114-lp150.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-1116.html
CVE-2018-1116
https://bugzilla.suse.com/1099031
SUSE Bug 1099031

openSUSE-SU-2018:2284-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2018-1116

Описание

Затронутые продукты

Ссылки