ALT-BU-2021-4596-1
Branch sisyphus_riscv64 update bulletin.
Package polkit updated to version 0.120-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2019-00885
Уязвимость программной платформы для управления административными политиками и привилегиями Policykit, связанная с ошибками при обработке больших значений идентификаторов пользователей, позволяющая нарушителю обойти процедуру аутентификации
BDU:2019-01338
Уязвимость библиотеки Polkit операционных систем Linux, позволяющая нарушителю выполнить произвольные команды
BDU:2021-03207
Уязвимость функции polkit_system_bus_name_get_creds_sync() демона dbus-daemon библиотеки Polkit, позволяющая нарушителю повысить свои привилегии
Modified: 2024-11-21
CVE-2018-19788
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
- RHSA-2019:2046
- RHSA-2019:2046
- RHSA-2019:3232
- RHSA-2019:3232
- https://bugs.debian.org/915332
- https://bugs.debian.org/915332
- https://gitlab.freedesktop.org/polkit/polkit/issues/74
- https://gitlab.freedesktop.org/polkit/polkit/issues/74
- [debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update
- [debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update
- GLSA-201908-14
- GLSA-201908-14
- https://security.netapp.com/advisory/ntap-20240816-0001/
- USN-3861-1
- USN-3861-1
- USN-3861-2
- USN-3861-2
- DSA-4350
- DSA-4350
Modified: 2024-11-21
CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
- openSUSE-SU-2019:1914
- openSUSE-SU-2019:1914
- 106537
- 106537
- RHSA-2019:0230
- RHSA-2019:0230
- RHSA-2019:0420
- RHSA-2019:0420
- RHSA-2019:0832
- RHSA-2019:0832
- RHSA-2019:2699
- RHSA-2019:2699
- RHSA-2019:2978
- RHSA-2019:2978
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
- https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf
- https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf
- https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
- https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
- https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
- https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
- [debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update
- [debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update
- https://support.f5.com/csp/article/K22715344
- https://support.f5.com/csp/article/K22715344
- USN-3901-1
- USN-3901-1
- USN-3901-2
- USN-3901-2
- USN-3903-1
- USN-3903-1
- USN-3903-2
- USN-3903-2
- USN-3908-1
- USN-3908-1
- USN-3908-2
- USN-3908-2
- USN-3910-1
- USN-3910-1
- USN-3910-2
- USN-3910-2
- USN-3934-1
- USN-3934-1
- USN-3934-2
- USN-3934-2
Modified: 2025-04-03
CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html
- http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html
- http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html
- http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1961710
- https://bugzilla.redhat.com/show_bug.cgi?id=1961710
- https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
- https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
Closed bugs
Polkit не проверяет список групп пользователя, назначенныx через NSS.
Package expat updated to version 2.4.1-alt2 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2013-0340
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
- [oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion
- [oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion
- 20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
- 20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
- 20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8
- 20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8
- 20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15
- 20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15
- 20210921 APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
- 20210921 APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
- 20210921 APPLE-SA-2021-09-20-2 watchOS 8
- 20210921 APPLE-SA-2021-09-20-2 watchOS 8
- 20210921 APPLE-SA-2021-09-20-3 tvOS 15
- 20210921 APPLE-SA-2021-09-20-3 tvOS 15
- 20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8
- 20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8
- 20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6
- 20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6
- 20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina
- 20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina
- 1028213
- 1028213
- [oss-security] 20130413 Re-evaluating expat/libxml2 CVE assignments
- [oss-security] 20130413 Re-evaluating expat/libxml2 CVE assignments
- [oss-security] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs
- [oss-security] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs
- 90634
- 90634
- 58233
- 58233
- [announce] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs
- [announce] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs
- [openoffice-users] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs
- [openoffice-users] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs
- GLSA-201701-21
- GLSA-201701-21
- https://support.apple.com/kb/HT212804
- https://support.apple.com/kb/HT212804
- https://support.apple.com/kb/HT212805
- https://support.apple.com/kb/HT212805
- https://support.apple.com/kb/HT212807
- https://support.apple.com/kb/HT212807
- https://support.apple.com/kb/HT212814
- https://support.apple.com/kb/HT212814
- https://support.apple.com/kb/HT212815
- https://support.apple.com/kb/HT212815
- https://support.apple.com/kb/HT212819
- https://support.apple.com/kb/HT212819
Closed bugs
libexpat-devel: упакованы битые конфиги для cmake