<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201611-07">
<title>polkit: Heap-corruption on duplicate IDs</title>
<synopsis>polkit is vulnerable to local privilege escalation.</synopsis>
<product type="ebuild">polkit</product>
<announced>2016-11-15</announced>
<revised count="1">2016-11-15</revised>
<bug>555666</bug>
<access>local</access>
<affected>
<package name="sys-auth/polkit" auto="yes" arch="*">
<unaffected range="ge">0.113</unaffected>
<vulnerable range="lt">0.113</vulnerable>
</package>
</affected>
<background>
<p>polkit is a toolkit for managing policies relating to unprivileged
processes communicating with privileged processes.
</p>
</background>
<description>
<p>A vulnerability was discovered in polkit’s
polkit_backend_action_pool_init function due to duplicate action IDs in
action descriptions.
</p>
</description>
<impact type="normal">
<p>Local attackers are able to gain unauthorized privileges on the system.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All polkit users should upgrade to the latest version:</p>