calculate/gentoo-overlay
4
1
Fork 0
Code Issues Pull requests Releases Wiki Activity
gentoo-overlay/metadata/glsa/glsa-201611-07.xml

49 lines
1.7 KiB
XML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201611-07">
<title>polkit: Heap-corruption on duplicate IDs </title>
<synopsis>polkit is vulnerable to local privilege escalation.</synopsis>
<product type="ebuild">polkit</product>
<announced>2016-11-15</announced>
<revised count="1">2016-11-15</revised>
<bug>555666</bug>
<access>local</access>
<affected>
<package name="sys-auth/polkit" auto="yes" arch="*">
<unaffected range="ge">0.113</unaffected>
<vulnerable range="lt">0.113</vulnerable>
</package>
</affected>
<background>
<p>polkit is a toolkit for managing policies relating to unprivileged
processes communicating with privileged processes.
</p>
</background>
<description>
<p>A vulnerability was discovered in polkits
polkit_backend_action_pool_init function due to duplicate action IDs in
action descriptions.
</p>
</description>
<impact type="normal">
<p>Local attackers are able to gain unauthorized privileges on the system.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All polkit users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-auth/polkit-0.113"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3255">CVE-2015-3255</uri>
</references>
<metadata tag="requester" timestamp="2015-12-25T00:47:50Z">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="2016-11-15T07:23:23Z">b-man</metadata>
</glsa>
Reference in a new issue View git blame Copy permalink