Advisories ยป MGASA-2015-0262

Updated polkit package fixes security vulnerabilities

Publication date: 05 Jul 2015
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-3218 , CVE-2015-3255 , CVE-2015-3256 , CVE-2015-4625

Description

Local privilege escalation in polkit before 0.113 due to predictable
authentication session cookie values (CVE-2015-4625).

Various memory corruption vulnerabilities in polkit before 0.113 in the
use of the JavaScript interpreter, possibly leading to local privilege
escalation (CVE-2015-3256).

Memory corruption vulnerability in polkit before 0.113 in handling
duplicate action IDs, possibly leading to local privilege escalation
(CVE-2015-3255).

Denial of service issue in polkit before 0.113 which allowed any local
user to crash polkitd (CVE-2015-3218).
                

References

SRPMS

5/core

4/core