Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Important: polkit on SL6.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Thursday 19th September 2013 19:26:09 UTC (over 3 years ago)
Synopsis:          Important: polkit security update
Advisory ID:       SLSA-2013:1270-1
Issue Date:        2013-09-19
CVE Numbers:       CVE-2013-4288
--

A race condition was found in the way the PolicyKit pkcheck utility
checked process authorization when the process was specified by its
process ID via the --process option. A local user could use this flaw to
bypass intended PolicyKit authorizations and escalate their privileges.
(CVE-2013-4288)

Note: Applications that invoke pkcheck with the --process option need to
be modified to use the pid,pid-start-time,uid argument for that option, to
allow pkcheck to check process authorization correctly.

The system must be rebooted for this update to take effect.
--

SL6
  x86_64
    polkit-0.96-5.el6_4.i686.rpm
    polkit-0.96-5.el6_4.x86_64.rpm
    polkit-debuginfo-0.96-5.el6_4.i686.rpm
    polkit-debuginfo-0.96-5.el6_4.x86_64.rpm
    polkit-devel-0.96-5.el6_4.i686.rpm
    polkit-devel-0.96-5.el6_4.x86_64.rpm
    polkit-docs-0.96-5.el6_4.x86_64.rpm
  i386
    polkit-0.96-5.el6_4.i686.rpm
    polkit-debuginfo-0.96-5.el6_4.i686.rpm
    polkit-devel-0.96-5.el6_4.i686.rpm
    polkit-docs-0.96-5.el6_4.i686.rpm
  noarch
    polkit-desktop-policy-0.96-5.el6_4.noarch.rpm

- Scientific Linux Development Team
 
CD: 3ms