Security update for polkit SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1927-1 Final 1 1 2015-10-30T10:55:35Z current 2015-10-30T10:55:35Z 2015-10-30T10:55:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for polkit polkit was updated to the 0.113 release, fixing security issues and bugs. Security issues fixed: * Fixes CVE-2015-4625, a local privilege escalation due to predictable authentication session cookie values. Thanks to Tavis Ormandy, Google Project Zero for reporting this issue. For the future, authentication agents are encouraged to use PolkitAgentSession instead of using the D-Bus agent response API directly. (bsc#935119) * Fixes CVE-2015-3256, various memory corruption vulnerabilities in use of the JavaScript interpreter, possibly leading to local privilege escalation. (bsc#943816) * Fixes CVE-2015-3255, a memory corruption vulnerability in handling duplicate action IDs, possibly leading to local privilege escalation. Thanks to Laurent Bigonville for reporting this issue. (bsc#939246) * Fixes CVE-2015-3218, which allowed any local user to crash polkitd. Thanks to Tavis Ormandy, Google Project Zero, for reporting this issue. (bsc#933922) Other issues fixed: * On systemd-213 and later, the 'active' state is shared across all sessions of an user, instead of being tracked separately. * pkexec, when not given a program to execute, runs the users shell by default. * Fixed shutdown problems on powerpc64le (bsc#950114) * polkit had a memory leak (bsc#912889) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html E-Mail link for openSUSE-SU-2015:1927-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 libpolkit0-0.113-6.1 libpolkit0-32bit-0.113-6.1 polkit-0.113-6.1 polkit-devel-0.113-6.1 polkit-doc-0.113-6.1 typelib-1_0-Polkit-1_0-0.113-6.1 libpolkit0-0.113-6.1 as a component of openSUSE Leap 42.1 libpolkit0-32bit-0.113-6.1 as a component of openSUSE Leap 42.1 polkit-0.113-6.1 as a component of openSUSE Leap 42.1 polkit-devel-0.113-6.1 as a component of openSUSE Leap 42.1 polkit-doc-0.113-6.1 as a component of openSUSE Leap 42.1 typelib-1_0-Polkit-1_0-0.113-6.1 as a component of openSUSE Leap 42.1 The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. CVE-2015-3218 openSUSE Leap 42.1:libpolkit0-0.113-6.1 openSUSE Leap 42.1:libpolkit0-32bit-0.113-6.1 openSUSE Leap 42.1:polkit-0.113-6.1 openSUSE Leap 42.1:polkit-devel-0.113-6.1 openSUSE Leap 42.1:polkit-doc-0.113-6.1 openSUSE Leap 42.1:typelib-1_0-Polkit-1_0-0.113-6.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html https://www.suse.com/security/cve/CVE-2015-3218.html CVE-2015-3218 https://bugzilla.suse.com/933922 SUSE Bug 933922 https://bugzilla.suse.com/943816 SUSE Bug 943816 The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. CVE-2015-3255 openSUSE Leap 42.1:libpolkit0-0.113-6.1 openSUSE Leap 42.1:libpolkit0-32bit-0.113-6.1 openSUSE Leap 42.1:polkit-0.113-6.1 openSUSE Leap 42.1:polkit-devel-0.113-6.1 openSUSE Leap 42.1:polkit-doc-0.113-6.1 openSUSE Leap 42.1:typelib-1_0-Polkit-1_0-0.113-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html https://www.suse.com/security/cve/CVE-2015-3255.html CVE-2015-3255 https://bugzilla.suse.com/939246 SUSE Bug 939246 https://bugzilla.suse.com/943816 SUSE Bug 943816 PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation." CVE-2015-3256 openSUSE Leap 42.1:libpolkit0-0.113-6.1 openSUSE Leap 42.1:libpolkit0-32bit-0.113-6.1 openSUSE Leap 42.1:polkit-0.113-6.1 openSUSE Leap 42.1:polkit-devel-0.113-6.1 openSUSE Leap 42.1:polkit-doc-0.113-6.1 openSUSE Leap 42.1:typelib-1_0-Polkit-1_0-0.113-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html https://www.suse.com/security/cve/CVE-2015-3256.html CVE-2015-3256 https://bugzilla.suse.com/943816 SUSE Bug 943816 Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. CVE-2015-4625 openSUSE Leap 42.1:libpolkit0-0.113-6.1 openSUSE Leap 42.1:libpolkit0-32bit-0.113-6.1 openSUSE Leap 42.1:polkit-0.113-6.1 openSUSE Leap 42.1:polkit-devel-0.113-6.1 openSUSE Leap 42.1:polkit-doc-0.113-6.1 openSUSE Leap 42.1:typelib-1_0-Polkit-1_0-0.113-6.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html https://www.suse.com/security/cve/CVE-2015-4625.html CVE-2015-4625 https://bugzilla.suse.com/935119 SUSE Bug 935119 https://bugzilla.suse.com/943816 SUSE Bug 943816