UbuntuUpdates.org

Package "policykit-1"

Name: policykit-1

Description:

framework for managing administrative policies and privileges

Latest version: 0.105-21ubuntu0.3
Release: cosmic (18.10)
Level: security
Repository: main
Homepage: https://www.freedesktop.org/wiki/Software/polkit/

Other versions of "policykit-1" in Cosmic

Repository Area Version
base main 0.105-21
updates main 0.105-21ubuntu0.3

Changelog

Version: 0.105-21ubuntu0.3 2019-01-16 14:06:32 UTC

  policykit-1 (0.105-21ubuntu0.3) cosmic-security; urgency=medium

  * SECURITY UPDATE: authorization bypass with large uid
    - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
      PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
      src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
    - debian/patches/CVE-2018-19788-2.patch: add tests to
      test/data/etc/group, test/data/etc/passwd,
      test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
      test/polkitbackend/polkitbackendlocalauthoritytest.c.
    - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
      PolkitUnixProcess in src/polkit/polkitunixprocess.c.
    - CVE-2018-19788

 -- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:15:13 -0500

CVE-2018-19788: A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.


