Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Thu, 19 Sep 2013 19:26:09 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Important: polkit on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Important: polkit security update Advisory ID: SLSA-2013:1270-1 Issue Date: 2013-09-19 CVE Numbers: CVE-2013-4288 -- A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges. (CVE-2013-4288) Note: Applications that invoke pkcheck with the --process option need to be modified to use the pid,pid-start-time,uid argument for that option, to allow pkcheck to check process authorization correctly. The system must be rebooted for this update to take effect. -- SL6 x86_64 polkit-0.96-5.el6_4.i686.rpm polkit-0.96-5.el6_4.x86_64.rpm polkit-debuginfo-0.96-5.el6_4.i686.rpm polkit-debuginfo-0.96-5.el6_4.x86_64.rpm polkit-devel-0.96-5.el6_4.i686.rpm polkit-devel-0.96-5.el6_4.x86_64.rpm polkit-docs-0.96-5.el6_4.x86_64.rpm i386 polkit-0.96-5.el6_4.i686.rpm polkit-debuginfo-0.96-5.el6_4.i686.rpm polkit-devel-0.96-5.el6_4.i686.rpm polkit-docs-0.96-5.el6_4.i686.rpm noarch polkit-desktop-policy-0.96-5.el6_4.noarch.rpm - Scientific Linux Development Team