[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2014-1359 -- Oracle polkit-qt

ID: oval:org.secpod.oval:def:1500746Date: (C)2014-10-14   (M)2022-10-10
Class: PATCHFamily: unix




Updated polkit-qt packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. Description Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent , which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Platform:
Oracle Linux 7
Product:
polkit-qt
Reference:
ELSA-2014-1359
CVE-2014-5033
CVE    1
CVE-2014-5033
CPE    2
cpe:/a:kde:polkit-qt
cpe:/o:oracle:linux:7

© SecPod Technologies