Security update for polkit SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1734-1 Final 1 1 2015-10-06T19:48:48Z current 2015-10-06T19:48:48Z 2015-10-06T19:48:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for polkit Polkit was updated to 0.113 to fix four security issues. The following vulnerabilities were fixed: * CVE-2015-4625: a local privilege escalation due to predictable authentication session cookie values. (boo#935119) * CVE-2015-3256: various memory corruption vulnerabilities in use of the JavaScript interpreter, possibly leading to local privilege escalation. (boo#943816) * CVE-2015-3255: a memory corruption vulnerability in handling duplicate action IDs, possibly leading to local privilege escalation. (boo#939246) * CVE-2015-3218: Allowed any local user to crash polkitd. (boo#933922) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html E-Mail link for openSUSE-SU-2015:1734-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings libpolkit0-0.113-9.1 libpolkit0-32bit-0.113-9.1 polkit-0.113-9.1 polkit-devel-0.113-9.1 polkit-doc-0.113-9.1 typelib-1_0-Polkit-1_0-0.113-9.1 The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. CVE-2015-3218 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html https://www.suse.com/security/cve/CVE-2015-3218.html CVE-2015-3218 https://bugzilla.suse.com/933922 SUSE Bug 933922 https://bugzilla.suse.com/943816 SUSE Bug 943816 The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. CVE-2015-3255 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html https://www.suse.com/security/cve/CVE-2015-3255.html CVE-2015-3255 https://bugzilla.suse.com/939246 SUSE Bug 939246 https://bugzilla.suse.com/943816 SUSE Bug 943816 PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation." CVE-2015-3256 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html https://www.suse.com/security/cve/CVE-2015-3256.html CVE-2015-3256 https://bugzilla.suse.com/943816 SUSE Bug 943816 Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. CVE-2015-4625 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html https://www.suse.com/security/cve/CVE-2015-4625.html CVE-2015-4625 https://bugzilla.suse.com/935119 SUSE Bug 935119 https://bugzilla.suse.com/943816 SUSE Bug 943816