UbuntuUpdates.org

Package "policykit-1"

Name: policykit-1

Description:

framework for managing administrative policies and privileges
Latest version: 0.104-1ubuntu1.5
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://hal.freedesktop.org/docs/PolicyKit/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "policykit-1"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "policykit-1" in Precise

Repository Area Version
base main 0.104-1
security main 0.104-1ubuntu1.5

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.104-1ubuntu1.5 2021-05-03 16:06:19 UTC

  policykit-1 (0.104-1ubuntu1.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: start time protection mechanism bypass
    - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
      for temporary authorizations in src/polkit/polkitsubject.c,
      src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2019-6133

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 29 Aug 2019 15:18:39 -0300
Source diff to previous version
CVE-2019-6133 In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization deci

Version: 0.104-1ubuntu1.1 2013-09-18 15:08:32 UTC

  policykit-1 (0.104-1ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: use of pkcheck without specifying uid is racy,
    possibly leading to privilege escalation
    - debian/patches/CVE-2013-4288.patch: implement pid,start-time,uid
      syntax so callers have a non-racy way of using pkcheck.
    - CVE-2013-4288
 -- Marc Deslauriers <email address hidden> Wed, 11 Sep 2013 09:48:41 -0400
Source diff to previous version
CVE-2013-4288 RESERVED

Version: 0.104-1ubuntu1 2012-06-04 02:06:39 UTC

  policykit-1 (0.104-1ubuntu1) precise-proposed; urgency=low

  * debian/patches/07_pam_environment.patch: set process environment
    from pam_getenvlist(). Closes LP: #982684.
  * debian/patches/01_pam_polkit.patch: adjust patch to invoke pam_env, so
    our global settings from /etc/environment are applied correctly.
 -- Steve Langasek <email address hidden> Tue, 15 May 2012 15:15:52 -0700
982684 sudo, pkexec don't apply global environment setting...


About   -   Send Feedback to @ubuntu_updates