Download
| Alert*
oval:org.secpod.oval:def:502615
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ... oval:org.secpod.oval:def:2000401 In PolicyKit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. oval:org.secpod.oval:def:704874 policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access. oval:org.secpod.oval:def:1801743 In PolicyKit 0.115, the start time protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. oval:org.secpod.oval:def:1502433 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89050559 This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend . oval:org.secpod.oval:def:1801749 In PolicyKit 0.115, the start time protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. oval:org.secpod.oval:def:205165 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ... oval:org.secpod.oval:def:53015 linux: Linux kernel The system could be made to run programs as an administrator. oval:org.secpod.oval:def:205168 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ... oval:org.secpod.oval:def:704821 linux: Linux kernel The system could be made to run programs as an administrator. oval:org.secpod.oval:def:1502569 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89003236 This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend . oval:org.secpod.oval:def:54117 policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access. oval:org.secpod.oval:def:1502450 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502605 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ... oval:org.secpod.oval:def:1700144 A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges. oval:org.secpod.oval:def:89000502 The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote use ... oval:org.secpod.oval:def:89002831 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel . - CVE-2020-29569: Fixed ... oval:org.secpod.oval:def:704806 linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several securit ... oval:org.secpod.oval:def:704807 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-rasp ... oval:org.secpod.oval:def:704808 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704809 linux: Linux kernel - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:70161 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-rasp ... oval:org.secpod.oval:def:70162 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1502570 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:52138 linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several securit ... oval:org.secpod.oval:def:1502571 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:70163 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704825 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704826 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. |