Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Scientific Linux: SLSA-2013:1270-1 Important: Polkit Escalation Risk

Scientific Large Esm H446
Important: polkit security update
Date: Thu, 19 Sep 2013 19:26:09 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: polkit on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: polkit security update
Advisory ID: SLSA-2013:1270-1
Issue Date: 2013-09-19
CVE Numbers: CVE-2013-4288
--

A race condition was found in the way the PolicyKit pkcheck utility
checked process authorization when the process was specified by its
process ID via the --process option. A local user could use this flaw to
bypass intended PolicyKit authorizations and escalate their privileges.
(CVE-2013-4288)

Note: Applications that invoke pkcheck with the --process option need to
be modified to use the pid,pid-start-time,uid argument for that option, to
allow pkcheck to check process authorization correctly.

The system must be rebooted for this update to take effect.
--

SL6
 x86_64
 polkit-0.96-5.el6_4.i686.rpm
 polkit-0.96-5.el6_4.x86_64.rpm
 polkit-debuginfo-0.96-5.el6_4.i686.rpm
 polkit-debuginfo-0.96-5.el6_4.x86_64.rpm
 polkit-devel-0.96-5.el6_4.i686.rpm
 polkit-devel-0.96-5.el6_4.x86_64.rpm
 polkit-docs-0.96-5.el6_4.x86_64.rpm
 i386
 polkit-0.96-5.el6_4.i686.rpm
 polkit-debuginfo-0.96-5.el6_4.i686.rpm
 polkit-devel-0.96-5.el6_4.i686.rpm
 polkit-docs-0.96-5.el6_4.i686.rpm
 noarch
 polkit-desktop-policy-0.96-5.el6_4.noarch.rpm

- Scientific Linux Development Team