policykit-1 (0.104-1ubuntu1.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: start time protection mechanism bypass
    - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
      for temporary authorizations in src/polkit/polkitsubject.c,
      src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2019-6133

policykit-1 (0.104-1ubuntu1.4) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: authorization bypass with large uid
    - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
      PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
      src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
    - debian/patches/CVE-2018-19788-2.patch: add tests to
      test/data/etc/group, test/data/etc/passwd,
      test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
      test/polkitbackend/polkitbackendlocalauthoritytest.c.
    - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
      PolkitUnixProcess in src/polkit/polkitunixprocess.c.
    - CVE-2018-19788

policykit-1 (0.104-1ubuntu1.2) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: privilege escalation via duplicate action IDs
    - debian/patches/CVE-2015-3255.patch: fix GHashTable usage in
      src/polkitbackend/polkitbackendactionpool.c.
    - CVE-2015-3255
  * SECURITY UPDATE: DoS and information disclosure
    - debian/patches/CVE-2018-1116.patch: properly check UID in
      src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c,
      src/polkitbackend/polkitbackendsessionmonitor-systemd.c,
      src/polkitbackend/polkitbackendsessionmonitor.c,
      src/polkitbackend/polkitbackendsessionmonitor.h.
    - debian/libpolkit-gobject-1-0.symbols: updated for new private symbol.
    - CVE-2018-1116

Date: 2019-08-29 18:57:14.122606+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langa...@canonical.com>
https://launchpad.net/ubuntu/+source/policykit-1/0.104-1ubuntu1.5
Sorry, changesfile not available.
-- 
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/precise-changes

Reply via email to