Download
| Alert*
oval:org.secpod.oval:def:25171
polkit is installed oval:org.secpod.oval:def:1503455 Updated polkit packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:503596 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Improper authorization in polkit_backend_interactive_authority_check_authoriza ... oval:org.secpod.oval:def:25170 The host is installed with polkit on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an invalid object path when calling RegisterAuthenticationAgent. Successful exploitation could allow local attackers ... oval:org.secpod.oval:def:1501342 polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. oval:org.secpod.oval:def:89002539 This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization . oval:org.secpod.oval:def:203842 PolicyKit is a toolkit for defining and handling authorizations. A denial of service flaw was found in how polkit handled authorization requests. A local, unprivileged user could send malicious requests to polkit, which could then cause the polkit daemon to corrupt its memory and crash. All polkit ... oval:org.secpod.oval:def:89003082 This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT oval:org.secpod.oval:def:120362 polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. oval:org.secpod.oval:def:1505586 [0.115-13.0.1.el8_5.2] - Increase timeout to avoid defunct processes [Orabug: 26930744] [0.115-13.el8_5.2] - necessary version bump due to build versioning - Resolves: CVE-2021-4115 oval:org.secpod.oval:def:3300432 SUSE Security Update: Security update for polkit oval:org.secpod.oval:def:89047580 This update for polkit fixes the following issues: - CVE-2021-4115: Fixed a denial of service via file descriptor leak . oval:org.secpod.oval:def:89046089 This update for polkit fixes the following issues: - CVE-2021-4115: Fixed a denial of service via file descriptor leak . oval:org.secpod.oval:def:89047082 This update for polkit fixes the following issues: - CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync . oval:org.secpod.oval:def:4500079 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ot ... oval:org.secpod.oval:def:2500452 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. oval:org.secpod.oval:def:73635 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync For mo ... oval:org.secpod.oval:def:1504945 [0.115-11.0.1] - Increase timeout to avoid defunct processes [Orabug: 26930744] [0.115-11.1] - early disconnection from D-Bus results in privilege esc. - Resolves: CVE-2021-3560 oval:org.secpod.oval:def:115739 polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. oval:org.secpod.oval:def:115617 polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. oval:org.secpod.oval:def:205491 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Improper authorization in polkit_backend_interactive_authority_check_authoriza ... oval:org.secpod.oval:def:205339 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Improper handling of user with uid > INT_MAX leading to authentication bypa ... oval:org.secpod.oval:def:114787 polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. oval:org.secpod.oval:def:114864 polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. oval:org.secpod.oval:def:503285 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Improper handling of user with uid > INT_MAX leading to authentication bypa ... oval:org.secpod.oval:def:89049592 This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization . oval:org.secpod.oval:def:115621 polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. oval:org.secpod.oval:def:1700344 A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and informa ... oval:org.secpod.oval:def:89051325 This update for polkit fixes the following issues: * Change permissions for rules folders oval:org.secpod.oval:def:502615 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ... oval:org.secpod.oval:def:89050559 This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend . oval:org.secpod.oval:def:205165 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ... oval:org.secpod.oval:def:205168 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ... oval:org.secpod.oval:def:89003236 This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend . oval:org.secpod.oval:def:1502450 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502605 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ... oval:org.secpod.oval:def:1700144 A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges. oval:org.secpod.oval:def:3302243 Security update for polkit oval:org.secpod.oval:def:89051810 This update for polkit fixes the following issues: * Change permissions for rules folders oval:org.secpod.oval:def:2500528 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. oval:org.secpod.oval:def:1700807 A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count c ... oval:org.secpod.oval:def:77530 The polkit package is designed to define and handle policies that allow unprivileged processes to communicate with privileged processes on a Linux system. Pkexec, part of polkit, is a tool that allows the user to execute commands as another user according to the polkit policy definitions using the s ... oval:org.secpod.oval:def:1505419 [0.96-11.0.1.el6_10.1] - pkexec: local privilege escalation [Orabug: 33789506][CVE-2021-4034] oval:org.secpod.oval:def:97598 [CLSA-2022:1643211942] Fixed CVE-2021-4034 in polkit oval:org.secpod.oval:def:19500126 A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count c ... oval:org.secpod.oval:def:89045921 This update for polkit fixes the following issues: - CVE-2021-4034: Fixed a local privilege escalation in pkexec . oval:org.secpod.oval:def:89047541 This update for polkit fixes the following issues: - CVE-2021-4034: Fixed a local privilege escalation in pkexec . oval:org.secpod.oval:def:506846 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Local privilege escalation in pkexec due to incorrect handling of argument vec ... oval:org.secpod.oval:def:19500597 A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a pa ... oval:org.secpod.oval:def:3302658 Security update for polkit |