
Scientific Linux: Important polkit update, CVE-2011-1485 (local privilege escalation via pkexec)

Important: polkit security update
Date: Tue, 19 Apr 2011 10:22:55 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Re: Security ERRATA Moderate: xorg-x11-server-utils on SL5.x,
 SL6.x i386/x86_64
In-Reply-To: <4DA4B5E5.80601@fnal.gov>
MIME-Version: 1.0

* This security update applied a backported patch to fix a flaw in the
X server resource database utility, xrdb. While this patch resolved the
security issue, it also introduced an error in the macro expansion
mechanism. Consequent to this, an attempt to run the xrdb utility could
fail with the following messages written to standard error:

sh: -c: line 0: unexpected EOF while looking for matching `"'
sh: -c: line 1: syntax error: unexpected end of file

With this update, the underlying source code has been adapted to correct
the macro expansion mechanism, and the xrdb utility now works as expected.

Note that all running instances of the X.Org server must be restarted
for this update to take effect.

SL 5.x

 SRPMS:
xorg-x11-server-utils-7.1-5.el5_6.2.src.rpm
 i386:
xorg-x11-server-utils-7.1-5.el5_6.2.i386.rpm
 x86_64:
xorg-x11-server-utils-7.1-5.el5_6.2.x86_64.rpm

SL 6.x

 SRPMS:
xorg-x11-server-utils-7.4-15.el6_0.2.src.rpm
 i386:
xorg-x11-server-utils-7.4-15.el6_0.2.i686.rpm
 x86_64:
xorg-x11-server-utils-7.4-15.el6_0.2.x86_64.rpm

- Scientific Linux Development Team

On 04/12/2011 03:28 PM, Troy J Dawson wrote:
> Synopsis:	Moderate: xorg-x11-server-utils security update
> Issue date:	2011-04-11
> CVE Names:	CVE-2011-0465
>
> A flaw was found in the X.Org X server resource database utility, xrdb.
> Certain variables were not properly sanitized during the launch of a
> user's graphical session, which could possibly allow a remote attacker
> to execute arbitrary code with root privileges, if they were able to
> make the display manager execute xrdb with a specially-crafted X client
> hostname. For example, by configuring the hostname on the target system
> via a crafted DHCP reply, or by using the X Display Manager Control
> Protocol (XDMCP) to connect to that system from a host that has a
> special DNS name. (CVE-2011-0465)
>
> All running X.Org server instances must be restarted for this update to
> take effect.
>
> SL 5.x
>
> SRPMS:
> xorg-x11-server-utils-7.1-5.el5_6.1.src.rpm
> i386:
> xorg-x11-server-utils-7.1-5.el5_6.1.i386.rpm
> x86_64:
> xorg-x11-server-utils-7.1-5.el5_6.1.x86_64.rpm
>
> SL 6.x
>
> SRPMS:
> xorg-x11-server-utils-7.4-15.el6_0.1.src.rpm
> i386:
> xorg-x11-server-utils-7.4-15.el6_0.1.i686.rpm
> x86_64:
> xorg-x11-server-utils-7.4-15.el6_0.1.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson

--
__________________________________________________
Troy Dawson (630)840-6468
Fermilab ComputingDivision/SCF/FEF/SLSMS Group
__________________________________________________
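The xrdb flaw quoted in the message above (CVE-2011-0465) is a command-injection bug: a hostname chosen by a remote party ends up inside a command line that xrdb, started by the display manager as root, hands to a shell. The block below is an added example, not code from the advisory or from the xrdb sources. It models that bug class in Python beside the two fixes that matter: allow-list the value, and stop routing it through a shell at all (an argv list), with shlex.quote shown for the case where popen()-style execution has to stay. The hostname is constructed, and `printf` stands in for the real cpp invocation so the block runs without a C preprocessor installed.

```python
"""Added example (not from the advisory or from xrdb): the bug class behind
CVE-2011-0465, a remotely chosen hostname spliced into a shell command line
that runs as root, beside two safe forms. `printf` stands in for the real
cpp invocation so the block runs without a C preprocessor."""
import re
import shlex
import subprocess

# Constructed attacker value: a "hostname" that smuggles a second command.
# In the real attack it arrived via DNS (XDMCP) or a crafted DHCP reply.
EVIL_HOST = "ws1.example.net;echo INJECTED"

# Allow-list: dot-separated labels of letters, digits and inner hyphens.
_LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{_LABEL}(\.{_LABEL})*")


def is_safe_hostname(host: str) -> bool:
    return HOSTNAME_RE.fullmatch(host) is not None


def run_vulnerable(host: str) -> str:
    """String built by concatenation and handed to /bin/sh: every shell
    metacharacter in `host` is live, so ';' starts a second command."""
    cmd = f"printf '%s\\n' -DHOST={host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_quoted(host: str) -> str:
    """Still goes through a shell, but the value is quoted so the shell sees
    exactly one word. Use this when the popen()-style call cannot be removed;
    hand-rolled quoting is how the regression above was introduced."""
    cmd = f"printf '%s\\n' {shlex.quote('-DHOST=' + host)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_hardened(host: str) -> str:
    """Validate, then exec with an argv list: no shell is involved at all,
    so there is nothing to quote and nothing to get the quoting wrong."""
    if not is_safe_hostname(host):
        raise ValueError(f"refusing unsafe hostname: {host!r}")
    out = subprocess.run(["printf", "%s\n", "-DHOST=" + host],
                         capture_output=True, text=True, check=True)
    return out.stdout


def hardened_rejects(host: str) -> bool:
    """True if the hardened path refuses the value before running anything."""
    try:
        run_hardened(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(EVIL_HOST)))   # second command ran
    print("quoted:    ", repr(run_quoted(EVIL_HOST)))       # one literal argument
    print("hardened:  ", repr(run_hardened("ws1.example.net")))
    print("rejected:  ", hardened_rejects(EVIL_HOST))
```

The regression described in the reply above, `sh: -c: line 0: unexpected EOF while looking for matching '"'`, is what a hand-written quoting fix looks like when it goes wrong: the shell is still in the loop and the patch mis-balanced the quotes it added. Quoting with shlex.quote, or dropping the shell entirely as run_hardened does, leaves nothing of that kind to get wrong.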
Date: Wed, 20 Apr 2011 14:30:51 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Important: polkit on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis:	Important: polkit security update
Issue date:	2011-04-19
CVE Names:	CVE-2011-1485

A race condition flaw was found in the PolicyKit pkexec utility and
polkitd daemon. A local user could use this flaw to appear as a
privileged user to pkexec, allowing them to execute arbitrary commands
as root by running those commands with pkexec. (CVE-2011-1485)

The system must be rebooted for this update to take effect.

SL 6.x

 SRPMS:
polkit-0.96-2.el6_0.1.src.rpm
 i386:
polkit-0.96-2.el6_0.1.i686.rpm
polkit-desktop-policy-0.96-2.el6_0.1.noarch.rpm
polkit-devel-0.96-2.el6_0.1.i686.rpm
polkit-docs-0.96-2.el6_0.1.i686.rpm
 x86_64:
polkit-0.96-2.el6_0.1.i686.rpm
polkit-0.96-2.el6_0.1.x86_64.rpm
polkit-desktop-policy-0.96-2.el6_0.1.noarch.rpm
polkit-devel-0.96-2.el6_0.1.i686.rpm
polkit-devel-0.96-2.el6_0.1.x86_64.rpm
polkit-docs-0.96-2.el6_0.1.x86_64.rpm

- Scientific Linux Development Team
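The advisory above states only the outcome of CVE-2011-1485: a race in how pkexec and polkitd establish who is asking. Any authorization check that identifies the caller by PID and looks that PID's credentials up again later is exposed to this kind of race, because PIDs are recycled when processes exit and a process's credentials can change between the two steps. The block below is an added example, not polkit's code and not a description of the exact race (which the page does not give); it shows the standard hardening on Linux for this check: bind the subject to the triple (pid, start time from /proc/<pid>/stat, uid) captured at the moment of the request, and re-verify the start time before acting on the recorded uid. It assumes a Linux /proc and that `sleep` is on PATH.

```python
"""Added example (not polkit's code): binding a caller's identity to more
than a PID so that a later authorization decision cannot be fooled by a
recycled or changed process. Requires a Linux /proc."""
import os
import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessSubject:
    pid: int
    start_time: int   # clock ticks since boot, field 22 of /proc/<pid>/stat
    uid: int          # real uid at capture time


def _read_start_time(pid: int) -> int:
    with open(f"/proc/{pid}/stat") as fh:
        data = fh.read()
    # comm (field 2) is parenthesised and may contain spaces or ')', so split
    # on the last ')' and count from field 3, which is index 0 of `fields`.
    fields = data.rsplit(")", 1)[1].split()
    return int(fields[22 - 3])


def _read_real_uid(pid: int) -> int:
    with open(f"/proc/{pid}/status") as fh:
        for line in fh:
            if line.startswith("Uid:"):
                return int(line.split()[1])  # columns: real effective saved fs
    raise RuntimeError(f"no Uid line for pid {pid}")


def process_subject(pid: int) -> ProcessSubject:
    """Capture pid, start time and uid together, when the request arrives."""
    return ProcessSubject(pid, _read_start_time(pid), _read_real_uid(pid))


def subject_still_valid(subject: ProcessSubject) -> bool:
    """True only if the same process (same pid AND same start time) still
    exists with the same uid. A recycled pid carries a different start time."""
    try:
        return (_read_start_time(subject.pid) == subject.start_time
                and _read_real_uid(subject.pid) == subject.uid)
    except FileNotFoundError:
        return False  # the process is gone


def authorize_root_action(subject: ProcessSubject) -> bool:
    """Decide on the credentials recorded at capture time, and only if that
    exact process still exists. Never re-derive the uid from the pid here:
    that second lookup is the window a race exploits."""
    if not subject_still_valid(subject):
        return False
    return subject.uid == 0


def self_subject() -> ProcessSubject:
    return process_subject(os.getpid())


def demo_recycled_pid() -> tuple:
    """Capture a short-lived child, then check validity before and after it
    exits. Returns (valid_while_running, valid_after_exit)."""
    child = subprocess.Popen(["sleep", "30"])
    try:
        subj = process_subject(child.pid)
        before = subject_still_valid(subj)
    finally:
        child.kill()
        child.wait()
    after = subject_still_valid(subj)
    return before, after


if __name__ == "__main__":
    me = self_subject()
    print("self:", me, "valid:", subject_still_valid(me))
    print("child (running, exited):", demo_recycled_pid())
    print("root action allowed:", authorize_root_action(me))
```

The shape of the subject here, pid plus start time plus uid, is the shape a process subject needs for the decision to be race-free; reading the uid from /proc a second time at decision time, rather than using the recorded one, is the pattern to avoid. The reboot requirement in the advisory follows from the same reasoning: both sides of the check (pkexec and the running polkitd) must be the fixed versions at the same time.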