#6682: polkit-0.113
-------------------------+--------------------------
 Reporter:  fo           |       Owner:  blfs-book@…
     Type:  enhancement  |      Status:  new
 Priority:  high         |   Milestone:  7.8
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+--------------------------
Description changed by fo:

Old description:

> [http://www.freedesktop.org/software/polkit/releases/polkit-0.113.tar.gz]
>
> [http://www.freedesktop.org/software/polkit/releases/polkit-0.113.tar.gz.sign]
>
> [http://cgit.freedesktop.org/polkit/plain/NEWS]A
>
> or
>
> [http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html]
>
> {{{
> --------------
> polkit 0.113
> --------------
>
> NOTE: This release is an important security update, see below.
>
> WARNING WARNING WARNING: This is a prerelease on the road to polkit
> 1.0. Public API might change and certain parts of the code still needs
> some security review. Use at your own risk.
>
> This is polkit 0.113.
>
> Highlights:
>
>  Fixes CVE-2015-4625, a local privilege escalation due to predictable
>  authentication session cookie values. Thanks to Tavis Ormandy, Google
>  Project Zero for reporting this issue. For the future, authentication
>  agents are encouraged to use PolkitAgentSession instead of using the
>  D-Bus agent response API directly.
>
>  Fixes CVE-2015-3256, various memory corruption vulnerabilities in use
>  of the JavaScript interpreter, possibly leading to local privilege
>  escalation.
>
>  Fixes CVE-2015-3255, a memory corruption vulnerability in handling
>  duplicate action IDs, possibly leading to local privilege escalation.
>  Thanks to Laurent Bigonville for reporting this issue.
>
>  Fixes CVE-2015-3218, which allowed any local user to crash polkitd.
>  Thanks to Tavis Ormandy, Google Project Zero, for reporting this issue.
>
>  On systemd-213 and later, the “active” state is shared across all
>  sessions of an user, instead of being tracked separately.
>
>  (pkexec), when not given a program to execute, runs the users’ shell by
>  default.
>
> Build requirements
>
>  glib, gobject, gio    >= 2.30
>  mozjs185 or mozjs-17.0
>  gobject-introspection >= 0.6.2 (optional)
>  pam (optional)
>  ConsoleKit OR systemd
>
> Changes since polkit 0.112:
>
>      • PolkitSystemBusName: Add public API to retrieve Unix user
>      • examples/cancel: Fix to securely lookup subject
>      • sessionmonitor-systemd: Deduplicate code paths
>      • PolkitSystemBusName: Retrieve both pid and uid
>      • Port internals non-deprecated PolkitProcess API where possible
>      • Use G_GNUC_BEGIN_IGNORE_DEPRECATIONS to avoid warning spam
>      • pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR
>      • pkexec: Support just plain "pkexec" to run shell
>      • .dir-locals: Style for Emacs - we don't use tabs
>      • authority: Avoid cookie wrapping by using u64 counter
>      • CVE-2015-3218: backend: Handle invalid object paths in
>        RegisterAuthenticationAgent
>      • build: Start using git.mk
>      • Revert "authority: Avoid cookie wrapping by using u64 counter"
>      • authority: Add a helper method for checking whether an identity
>        is root
>      • CVE-2015-4625: Use unpredictable cookie values, keep them secret
>      • CVE-2015-4625: Bind use of cookies to specific uids
>      • README: Note to send security reports via DBus's mechanism
>
>      • sessionmonitor-systemd: prepare for D-Bus "user bus" model
>
>      • polkitd: Fix problem with removing non-existent source
>
>      • authority: Fix memory leak in EnumerateActions call results
>        handler
>
>      • Post-release version bump to 0.113
>      • Don't discard error data returned by
>        polkit_system_bus_name_get_user_sync
>      • Fix a memory leak
>      • Refuse duplicate --user arguments to pkexec
>      • Fix a possible NULL dereference.
>      • Remove a redundant assignment.
>      • Simplify forced error domain registration
>      • Fix a typo, s/Evaluting/Evaluating/g
>      • s/INCLUDES/AM_CPPFLAGS/g
>      • Fix duplicate GError use when "uid" is missing
>      • Fix a crash when two authentication requests are in flight.
>      • docs: Update for changes to uid
>        binding/AuthenticationAgentResponse2
>      • Don't pass an uninitialized JS parameter
>      • Don't add extra NULL group to subject.groups
>      • Don't store unrooted jsvals on heap
>      • Fix a per-authorization memory leak
>      • Fix a memory leak when registering an authentication agent
>      • Wrap all JS usage within “requests”
>      • Register heap-based JSObject pointers to GC
>      • Prevent builds against SpiderMonkey with exact stack rooting
>      • Clear the JS operation callback before invoking JS in the
>        callback
>      • Fix spurious timeout exceptions on GC
>      • Fix GHashTable usage.
>      • Fix use-after-free in polkitagentsession.c
>
>      • sessionmonitor-systemd: Use sd_uid_get_state() to check session
>        activity
>
>      • PolkitAgentSession: fix race between child and io watches
>
>      • Use libsystemd instead of older libsystemd-login if possible
>
>      • build: Fix several issues on FreeBSD
>
>      • Fixed compilation problem in the backend
>
> Colin Walters and Miloslav Trmač,
> July 2, 2015
> }}}

New description:

 [http://www.freedesktop.org/software/polkit/releases/polkit-0.113.tar.gz]

 [http://www.freedesktop.org/software/polkit/releases/polkit-0.113.tar.gz.sign]

 [http://cgit.freedesktop.org/polkit/plain/NEWS]

 or

 [http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html]

 {{{
 --------------
 polkit 0.113
 --------------

 NOTE: This release is an important security update, see below.

 WARNING WARNING WARNING: This is a prerelease on the road to polkit
 1.0. Public API might change and certain parts of the code still needs
 some security review. Use at your own risk.

 This is polkit 0.113.

 Highlights:

  Fixes CVE-2015-4625, a local privilege escalation due to predictable
  authentication session cookie values. Thanks to Tavis Ormandy, Google
  Project Zero for reporting this issue. For the future, authentication
  agents are encouraged to use PolkitAgentSession instead of using the
  D-Bus agent response API directly.

  Fixes CVE-2015-3256, various memory corruption vulnerabilities in use
  of the JavaScript interpreter, possibly leading to local privilege
  escalation.

  Fixes CVE-2015-3255, a memory corruption vulnerability in handling
  duplicate action IDs, possibly leading to local privilege escalation.
  Thanks to Laurent Bigonville for reporting this issue.

  Fixes CVE-2015-3218, which allowed any local user to crash polkitd.
  Thanks to Tavis Ormandy, Google Project Zero, for reporting this issue.

  On systemd-213 and later, the “active” state is shared across all
  sessions of an user, instead of being tracked separately.

  (pkexec), when not given a program to execute, runs the users’ shell by
  default.

 Build requirements

  glib, gobject, gio    >= 2.30
  mozjs185 or mozjs-17.0
  gobject-introspection >= 0.6.2 (optional)
  pam (optional)
  ConsoleKit OR systemd

 Changes since polkit 0.112:

      • PolkitSystemBusName: Add public API to retrieve Unix user
      • examples/cancel: Fix to securely lookup subject
      • sessionmonitor-systemd: Deduplicate code paths
      • PolkitSystemBusName: Retrieve both pid and uid
      • Port internals non-deprecated PolkitProcess API where possible
      • Use G_GNUC_BEGIN_IGNORE_DEPRECATIONS to avoid warning spam
      • pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR
      • pkexec: Support just plain "pkexec" to run shell
      • .dir-locals: Style for Emacs - we don't use tabs
      • authority: Avoid cookie wrapping by using u64 counter
      • CVE-2015-3218: backend: Handle invalid object paths in
        RegisterAuthenticationAgent
      • build: Start using git.mk
      • Revert "authority: Avoid cookie wrapping by using u64 counter"
      • authority: Add a helper method for checking whether an identity
        is root
      • CVE-2015-4625: Use unpredictable cookie values, keep them secret
      • CVE-2015-4625: Bind use of cookies to specific uids
      • README: Note to send security reports via DBus's mechanism

      • sessionmonitor-systemd: prepare for D-Bus "user bus" model

      • polkitd: Fix problem with removing non-existent source

      • authority: Fix memory leak in EnumerateActions call results
        handler

      • Post-release version bump to 0.113
      • Don't discard error data returned by
        polkit_system_bus_name_get_user_sync
      • Fix a memory leak
      • Refuse duplicate --user arguments to pkexec
      • Fix a possible NULL dereference.
      • Remove a redundant assignment.
      • Simplify forced error domain registration
      • Fix a typo, s/Evaluting/Evaluating/g
      • s/INCLUDES/AM_CPPFLAGS/g
      • Fix duplicate GError use when "uid" is missing
      • Fix a crash when two authentication requests are in flight.
      • docs: Update for changes to uid
        binding/AuthenticationAgentResponse2
      • Don't pass an uninitialized JS parameter
      • Don't add extra NULL group to subject.groups
      • Don't store unrooted jsvals on heap
      • Fix a per-authorization memory leak
      • Fix a memory leak when registering an authentication agent
      • Wrap all JS usage within “requests”
      • Register heap-based JSObject pointers to GC
      • Prevent builds against SpiderMonkey with exact stack rooting
      • Clear the JS operation callback before invoking JS in the
        callback
      • Fix spurious timeout exceptions on GC
      • Fix GHashTable usage.
      • Fix use-after-free in polkitagentsession.c

      • sessionmonitor-systemd: Use sd_uid_get_state() to check session
        activity

      • PolkitAgentSession: fix race between child and io watches

      • Use libsystemd instead of older libsystemd-login if possible

      • build: Fix several issues on FreeBSD

      • Fixed compilation problem in the backend

 Colin Walters and Miloslav Trmač,
 July 2, 2015
 }}}

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/6682#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
