Explore top 10 tips to secure your open-source projects now. Read More
×
The systemd PAM module could be used to gain additional PolicyKit
privileges.
Software Description:
- systemd: system and service manager
Details:
Jann Horn discovered that pam_systemd created logind sessions using some
parameters from the environment. A local attacker could exploit this in
order to spoof the active session and gain additional PolicyKit
privileges.
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libpam-systemd 239-7ubuntu10.12 Ubuntu 18.04 LTS: libpam-systemd 237-3ubuntu10.19 Ubuntu 16.04 LTS: libpam-systemd 229-4ubuntu21.21 Ubuntu 14.04 LTS: libpam-systemd 204-5ubuntu20.31 In general, a standard system update will make all the necessary changes.
CVE-2019-3842
Get the latest Linux and open source security news straight to your inbox.