
Fedora 21 - FEDORA-2015-11743 critical: polkit authentication flaws

July 21, 2015
A vital security alert for Fedora 22 concerning several polkit vulnerabilities. Ensure you update promptly to maintain security and system integrity.
Security fix for CVE-2015-3218, CVE-2015-3255, CVE-2015-3256, CVE-2015-4625

Summary

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes.

Update Information:

Security fix for CVE-2015-3218, CVE-2015-3255, CVE-2015-3256, CVE-2015-4625.

Please make sure to reboot or run (systemctl restart polkit.service) after applying this update.

Change Log

* Tue Jul 14 2015 Miloslav Trmač - 0.113-4
- Bump the Obsoletes: to < 0.113-3 to account for the non-split 0.113-2.fc21
  Resolves: #1243004

* Sun Jul 12 2015 Rex Dieter 0.113-3
- Obsoletes: polkit < 0.112-8 (handle multilib upgrade path)

* Fri Jul 10 2015 Miloslav Trmač - 0.113-2
- Add a fully versioned dependency from polkit to polkit-libs
  Resolves: #1241759
- Require polkit-libs, not polkit, in polkit-devel

* Thu Jul 2 2015 Miloslav Trmač - 0.113-1
- Update to polkit-0.113 (CVE-2015-3218, CVE-2015-3255, CVE-2015-3256, CVE-2015-4625)
  Resolves: #910262, #1175061, #1177930, #1194391, #1228739, #1233810

* Fri Jun 19 2015 Miloslav Trmač - 0.112-11
- Add BuildRequires: systemd so that %{_unitdir} is defined, to fix the build.

* Thu Jun 18 2015 Fedora Release Engineering - 0.112-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Sun Jan 25 2015 Rex Dieter - 0.112-9
- polkit doesn't release reference counters of GVariant data (#1180886)
- fix ldconfig scriptlets (move to -libs subpkg)

* Sat Nov 8 2014 Colin Walters - 0.112-8
- Split separate -libs package, so that NetworkManager can just depend on that, without dragging in the daemon (as well as libmozjs17). This allows the creation of more minimal systems that want programs like NM, but do not need the configurability of the daemon; it would be ok if only root is authorized.

References


[ 1 ] Bug #1228738 - CVE-2015-3218 polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent
      https://bugzilla.redhat.com/show_bug.cgi?id=1228738
[ 2 ] Bug #1233808 - CVE-2015-4625 polkit: potential information disclosure vulnerability due to cookie counter wrapping
      https://bugzilla.redhat.com/show_bug.cgi?id=1233808

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update polkit' at the command line. For more information, refer to "Managing Software with yum", available at .
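
To confirm that both steps took effect (the package update above and the restart requested under Update Information), the following check is an added example, not part of the Fedora advisory. It assumes an rpm-based host with systemd, procps ps and GNU date/sort; the function names are hypothetical, and the fixed version string is taken from the package details on this page.

```shell
#!/bin/sh
# Added example, not part of the advisory. Assumes an rpm-based host with
# systemd, procps "ps" and GNU "date"/"sort"; function names are hypothetical.

FIXED_EVR="0.113-4.fc21"   # Version-Release from this advisory (Fedora 21)

# version_at_least INSTALLED FIXED: true when INSTALLED sorts at or after FIXED.
# "sort -V" approximates rpm's version comparison; adequate for these values.
version_at_least() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# stale_daemon INSTALL_EPOCH START_EPOCH: true when the daemon was started
# before the package was installed, so the pre-update binary is still running.
stale_daemon() {
    [ "$2" -lt "$1" ]
}

check_polkit() {
    rpm -q polkit >/dev/null 2>&1 || { echo "polkit is not installed"; return 2; }
    evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' polkit | head -n 1)
    if ! version_at_least "$evr" "$FIXED_EVR"; then
        echo "polkit $evr is older than $FIXED_EVR: update still needed"
        return 1
    fi
    pid=$(systemctl show -p MainPID polkit.service | cut -d= -f2)
    if [ -z "$pid" ] || [ "$pid" = "0" ]; then
        echo "polkit $evr installed; polkitd not running, nothing to restart"
        return 0
    fi
    installed=$(rpm -q --qf '%{INSTALLTIME}\n' polkit | head -n 1)
    started=$(date -d "$(LC_ALL=C ps -o lstart= -p "$pid")" +%s) || return 2
    if stale_daemon "$installed" "$started"; then
        echo "polkitd (pid $pid) predates the update: restart polkit.service"
        return 1
    fi
    echo "polkit $evr installed and polkitd restarted since the update"
}

# Run the live check only when asked, e.g.: sh check_polkit.sh --check
if [ "${1:-}" = "--check" ]; then
    check_polkit
fi
```

A non-zero exit status means either the fixed package is missing or the running polkitd was started before the update was installed.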

Severity
critical

Name: polkit
Product: Fedora 21
Version: 0.113
Release: 4.fc21
Summary: An authorization framework
