|
|
Subscribe / Log in / New account

polkit: multiple vulnerabilities

Package(s):polkit CVE #(s):CVE-2015-4625 CVE-2015-3256 CVE-2015-3255 CVE-2015-3218
Created:July 6, 2015 Updated:November 15, 2016
Description: From the Mageia advisory:

Local privilege escalation in polkit before 0.113 due to predictable authentication session cookie values (CVE-2015-4625).

Various memory corruption vulnerabilities in polkit before 0.113 in the use of the JavaScript interpreter, possibly leading to local privilege escalation (CVE-2015-3256).

Memory corruption vulnerability in polkit before 0.113 in handling duplicate action IDs, possibly leading to local privilege escalation (CVE-2015-3255).

Denial of service issue in polkit before 0.113 which allowed any local user to crash polkitd (CVE-2015-3218).

Alerts:
Gentoo 201611-07 polkit 2016-11-15
Scientific Linux SLSA-2016:0189-1 polkit 2016-02-16
Oracle ELSA-2016-0189 polkit 2016-02-16
CentOS CESA-2016:0189 polkit 2016-02-17
Red Hat RHSA-2016:0189-01 polkit 2016-02-16
openSUSE openSUSE-SU-2015:1927-1 polkit 2015-11-06
openSUSE openSUSE-SU-2015:1734-1 polkit 2015-10-14
Fedora FEDORA-2015-11743 polkit 2015-07-21
Fedora FEDORA-2015-11058 polkit 2015-07-13
Mageia MGASA-2015-0262 polkit 2015-07-05
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds