Download
| Alert*
oval:org.secpod.oval:def:2103542
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. oval:org.secpod.oval:def:89003082 This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT oval:org.secpod.oval:def:115739 polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. oval:org.secpod.oval:def:115617 polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. oval:org.secpod.oval:def:115621 polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. oval:org.secpod.oval:def:53473 It was discovered that incorrect processing of very high UIDs in Policykit, a framework for managing administrative policies and privileges, could result in authentication bypass. oval:org.secpod.oval:def:503285 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Improper handling of user with uid > INT_MAX leading to authentication bypa ... oval:org.secpod.oval:def:51031 policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access. oval:org.secpod.oval:def:1504099 [0.112-22.0.1] - Increase timeout to avoid defunct processes [Orabug: 26930744] [0.112-22] - pkttyagent: polkit-agent-helper-1 timeout leaves tty echo disabled - Resolves: rhbz#1325512 [0.112-21] - Mitigation of regression caused by fix of CVE-2018-19788 - Resolves: rhbz#1656377 [0.112-20] - Fix of ... oval:org.secpod.oval:def:205339 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Improper handling of user with uid > INT_MAX leading to authentication bypa ... oval:org.secpod.oval:def:50279 policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access. oval:org.secpod.oval:def:603584 It was discovered that incorrect processing of very high UIDs in Policykit, a framework for managing administrative policies and privileges, could result in authentication bypass. oval:org.secpod.oval:def:1700241 A flaw was found in PolicyKit 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. |