policykit-1 (0.104-1ubuntu1.5) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: start time protection mechanism bypass
- debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
for temporary authorizations in src/polkit/polkitsubject.c,
src/polkit/polkitunixprocess.c,
src/polkitbackend/polkitbackendinteractiveauthority.c.
- CVE-2019-6133
policykit-1 (0.104-1ubuntu1.4) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: authorization bypass with large uid
- debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
- debian/patches/CVE-2018-19788-2.patch: add tests to
test/data/etc/group, test/data/etc/passwd,
test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
test/polkitbackend/polkitbackendlocalauthoritytest.c.
- debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
PolkitUnixProcess in src/polkit/polkitunixprocess.c.
- CVE-2018-19788
policykit-1 (0.104-1ubuntu1.2) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: privilege escalation via duplicate action IDs
- debian/patches/CVE-2015-3255.patch: fix GHashTable usage in
src/polkitbackend/polkitbackendactionpool.c.
- CVE-2015-3255
* SECURITY UPDATE: DoS and information disclosure
- debian/patches/CVE-2018-1116.patch: properly check UID in
src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c,
src/polkitbackend/polkitbackendinteractiveauthority.c,
src/polkitbackend/polkitbackendsessionmonitor-systemd.c,
src/polkitbackend/polkitbackendsessionmonitor.c,
src/polkitbackend/polkitbackendsessionmonitor.h.
- debian/libpolkit-gobject-1-0.symbols: updated for new private symbol.
- CVE-2018-1116
Date: 2019-08-29 18:57:14.122606+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langa...@canonical.com>
https://launchpad.net/ubuntu/+source/policykit-1/0.104-1ubuntu1.5
Sorry, changesfile not available.
--
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/precise-changes