commit patchinfo.4074 for openSUSE:13.2:Update

Wed, 14 Oct 2015 00:09:07 -0700 

Hello community,

here is the log from the commit of package patchinfo.4074 for 
openSUSE:13.2:Update checked in at 2015-10-14 09:08:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.4074 (Old)
 and      /work/SRC/openSUSE:13.2:Update/.patchinfo.4074.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "patchinfo.4074"

Changes:
--------
New Changes file:

NO CHANGES FILE!!!

New:
----
  _patchinfo

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="4074">
  <packager>AndreasStieger</packager>
  <issue tracker="cve" id="CVE-2015-4625"></issue>
  <issue tracker="cve" id="CVE-2015-3256"></issue>
  <issue tracker="cve" id="CVE-2015-3255"></issue>
  <issue tracker="cve" id="CVE-2015-3218"></issue>
  <issue tracker="bnc" id="935119">VUL-1: CVE-2015-4625: polkit: cookie 
generation wrapping with 32bit counter</issue>
  <issue tracker="bnc" id="943816">VUL-0: CVE-2015-3256: polkit: Memory 
corruption via javascript rule evaluation</issue>
  <issue tracker="bnc" id="939246">VUL-0: CVE-2015-3255: polkit: 
Heap-corruption on duplicate ids</issue>
  <issue tracker="bnc" id="933922">VUL-1: CVE-2015-3218: polkit: crash 
authentication_agent_new with invalid object path in 
RegisterAuthenticationAgent</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for polkit</summary>
  <description>Polkit was updated to 0.113 to fix four security issues.

The following vulnerabilities were fixed:

* CVE-2015-4625: a local privilege escalation due to predictable authentication 
session cookie values. (boo#935119)
* CVE-2015-3256: various memory corruption vulnerabilities in use of the 
JavaScript interpreter, possibly leading to local privilege escalation. 
(boo#943816)
* CVE-2015-3255: a memory corruption vulnerability in handling duplicate action 
IDs, possibly leading to local privilege escalation. (boo#939246)
* CVE-2015-3218: Allowed any local user to crash polkitd. 
(boo#933922)</description>
</patchinfo>

Reply via email to