- ------------------------------------------------------------------------- Debian Security Advisory DSA-2319-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Thijs Kinkhorst October 8, 2011 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : policykit-1 Vulnerability : race condition Problem type : local Debian-specific: no CVE ID : CVE-2011-1485 Debian Bug : 644500 Neel Mehta discovered that a race condition in Policykit, a framework for managing administrative policies and privileges, allowed local users to elevate privileges by executing a setuid program from pkexec. The oldstable distribution (lenny) does not contain the policykit-1 package. For the stable distribution (squeeze), this problem has been fixed in version 0.96-4+squeeze1. For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 0.101-4. We recommend that you upgrade your policykit-1 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Debian: DSA-2319-1: policykit-1 security update
Neel Mehta discovered that a race condition in Policykit, a framework for managing administrative policies and privileges, allowed local users to elevate privileges by executing a setuid program from pkexec.
