|
|
Subscribe / Log in / New account

spice-gtk: authorization bypass

Package(s):spice-gtk CVE #(s):CVE-2013-4324
Created:September 20, 2013 Updated:January 1, 2014
Description: From the Red Hat advisory:

spice-gtk communicated with PolicyKit for authorization via an API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies spice-gtk to communicate with PolicyKit via a different API that is not vulnerable to the race condition.

Alerts:
Gentoo 201406-27 polkit, Spice-Gtk, systemd, HPLIP, libvirt 2014-06-26
Fedora FEDORA-2013-17195 spice-gtk 2013-12-19
openSUSE openSUSE-SU-2013:1562-1 spice-gtk 2013-10-22
Mageia MGASA-2013-0293 polkit 2013-10-05
Fedora FEDORA-2013-17109 spice-gtk 2013-09-27
Scientific Linux SLSA-2013:1273-1 spice-gtk 2013-09-19
Oracle ELSA-2013-1273 spice-gtk 2013-09-19
CentOS CESA-2013:1273 spice-gtk 2013-09-20
Red Hat RHSA-2013:1273-01 spice-gtk 2013-09-19
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds