Scientific Linux alert SLSA-2013:1270-1 (polkit)

From:  Pat Riehecky <riehecky@fnal.gov>
To:  <scientific-linux-errata@listserv.fnal.gov>
Subject:  Security ERRATA Important: polkit on SL6.x i386/x86_64
Date:  Thu, 19 Sep 2013 19:26:09 +0000
Message-ID:  <20130919192609.18876.1973@slpackages.fnal.gov>

Synopsis:          Important: polkit security update
Advisory ID:       SLSA-2013:1270-1
Issue Date:        2013-09-19
CVE Numbers:       CVE-2013-4288
--

A race condition was found in the way the PolicyKit pkcheck utility
checked process authorization when the process was specified by its
process ID via the --process option. A local user could use this flaw to
bypass intended PolicyKit authorizations and escalate their privileges.
(CVE-2013-4288)

Note: Applications that invoke pkcheck with the --process option need to
be modified to use the pid,pid-start-time,uid argument for that option, to
allow pkcheck to check process authorization correctly.

The system must be rebooted for this update to take effect.
--

SL6
  x86_64
    polkit-0.96-5.el6_4.i686.rpm
    polkit-0.96-5.el6_4.x86_64.rpm
    polkit-debuginfo-0.96-5.el6_4.i686.rpm
    polkit-debuginfo-0.96-5.el6_4.x86_64.rpm
    polkit-devel-0.96-5.el6_4.i686.rpm
    polkit-devel-0.96-5.el6_4.x86_64.rpm
    polkit-docs-0.96-5.el6_4.x86_64.rpm
  i386
    polkit-0.96-5.el6_4.i686.rpm
    polkit-debuginfo-0.96-5.el6_4.i686.rpm
    polkit-devel-0.96-5.el6_4.i686.rpm
    polkit-docs-0.96-5.el6_4.i686.rpm
  noarch
    polkit-desktop-policy-0.96-5.el6_4.noarch.rpm

- Scientific Linux Development Team
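
The caller-side change the note asks for, as an added example that is not part of the advisory or of polkit: a daemon builds the `pid,pid-start-time,uid` argument for `pkcheck --process` instead of passing a bare pid. It assumes the daemon gets the client's pid and uid from the kernel via `SO_PEERCRED` on a Unix socket; the function names, the action id `org.example.manage` and the sample stat line are constructed for illustration.

```python
import socket
import struct


def peer_credentials(conn):
    """Return (pid, uid) of the peer of a connected AF_UNIX socket (Linux).

    Assumption of this example: the kernel-supplied credentials are the
    trusted source for pid and uid, rather than a later /proc lookup.
    """
    size = struct.calcsize("3i")
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, size)
    pid, uid, _gid = struct.unpack("3i", raw)
    return pid, uid


def parse_start_time(stat_text):
    """Extract starttime (field 22) from the contents of /proc/<pid>/stat."""
    # comm (field 2) is process-controlled and may contain spaces or ')',
    # so split only after the LAST ')' instead of splitting the whole line.
    rest = stat_text[stat_text.rindex(")") + 1:].split()
    return int(rest[19])  # rest[0] is field 3 (state); field 22 is rest[19]


def read_start_time(pid):
    """Read the start time that pins this pid to one specific process."""
    with open(f"/proc/{pid}/stat") as f:
        return parse_start_time(f.read())


def pkcheck_argv(action_id, pid, start_time, uid):
    """Build the pkcheck command line with the full three-part subject."""
    # A list (no shell) keeps the values from being reinterpreted.
    return ["pkcheck", "--action-id", action_id,
            "--process", f"{pid},{start_time},{uid}"]


# Constructed sample: a process whose name is "evil) name".
SAMPLE_STAT = ("4242 (evil) name) S 1 4242 4242 0 -1 4202496 150 0 0 0 "
               "1 0 0 0 20 0 1 0 987654 1000000 200")

if __name__ == "__main__":
    start = parse_start_time(SAMPLE_STAT)
    print(pkcheck_argv("org.example.manage", 4242, start, 1000))
```
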



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds