--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-e957cecffd
2019-01-13 02:30:40.466723
--------------------------------------------------------------------------------

Name        : polkit
Product     : Fedora 29
Version     : 0.115
Release     : 4.2.fc29
URL         : https://gitlab.freedesktop.org/polkit/polkit/
Summary     : An authorization framework
Description :
polkit is a toolkit for defining and handling authorizations. It is used for
allowing unprivileged processes to speak to privileged processes.

--------------------------------------------------------------------------------
Update Information:

Due to a kernel issue, there is a way to reuse the start_time of a process.
This makes it possible to duplicate a process authorized by polkit. This update
mitigates polkit issue #75 (slowfork):
https://gitlab.freedesktop.org/polkit/polkit/-/issues/75
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan  7 2019 Jan Rybar - 0.115-5
- Fix of start_time reuse exploit (slowfork)
* Fri Dec  7 2018 Jan Rybar - 0.115-4.1
- Fix of CVE-2018-19788, priv escalation with high UIDs
- Resolves: rhbz#1655926
* Thu Sep 27 2018 Owen Taylor - 0.115-4
- Fix installation with prefix != /usr
* Fri Jul 20 2018 Jan Rybar - 0.115-3
- Warning raised by polkit when disconnected from ssh
- polkitagentlistener: resource leak - pointer to 'server'
- Error message raised on every 'systemctl start' in emergency.target
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-e957cecffd' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------