
spice-gtk: authorization bypass

Package(s): spice-gtk
CVE #(s): CVE-2013-4324
Created: September 20, 2013
Updated: September 27, 2013
Description: From the Red Hat advisory:

spice-gtk communicated with PolicyKit for authorization via an API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies spice-gtk to communicate with PolicyKit via a different API that is not vulnerable to the race condition.

Alerts:
Red Hat RHSA-2013:1273-01 2013-09-19
CentOS CESA-2013:1273 2013-09-20
Oracle ELSA-2013-1273 2013-09-19
Scientific Linux SLSA-2013:1273-1 2013-09-19
Fedora FEDORA-2013-17109 2013-09-27
Mageia MGASA-2013-0293 2013-10-05


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds