[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2014:1359-01 -- Redhat polkit-qt

ID: oval:org.secpod.oval:def:501399Date: (C)2014-10-13   (M)2022-09-09
Class: PATCHFamily: unix




Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent , which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Platform:
Red Hat Enterprise Linux 7
Product:
polkit-qt
Reference:
RHSA-2014:1359-01
CVE-2014-5033
CVE    1
CVE-2014-5033
CPE    2
cpe:/a:kde:polkit-qt
cpe:/o:redhat:enterprise_linux:7

© SecPod Technologies