ALT-PU-2021-4594-1
Package polkit updated to version 0.120-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2019-00885
Уязвимость программной платформы для управления административными политиками и привилегиями Policykit, связанная с ошибками при обработке больших значений идентификаторов пользователей, позволяющая нарушителю обойти процедуру аутентификации
BDU:2019-01338
Уязвимость библиотеки Polkit операционных систем Linux, позволяющая нарушителю выполнить произвольные команды
BDU:2021-03207
Уязвимость функции polkit_system_bus_name_get_creds_sync() демона dbus-daemon библиотеки Polkit, позволяющая нарушителю повысить свои привилегии
Modified: 2024-11-21
CVE-2018-19788
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
- RHSA-2019:2046
- RHSA-2019:2046
- RHSA-2019:3232
- RHSA-2019:3232
- https://bugs.debian.org/915332
- https://bugs.debian.org/915332
- https://gitlab.freedesktop.org/polkit/polkit/issues/74
- https://gitlab.freedesktop.org/polkit/polkit/issues/74
- [debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update
- [debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update
- GLSA-201908-14
- GLSA-201908-14
- https://security.netapp.com/advisory/ntap-20240816-0001/
- USN-3861-1
- USN-3861-1
- USN-3861-2
- USN-3861-2
- DSA-4350
- DSA-4350
Modified: 2024-11-21
CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
- openSUSE-SU-2019:1914
- openSUSE-SU-2019:1914
- 106537
- 106537
- RHSA-2019:0230
- RHSA-2019:0230
- RHSA-2019:0420
- RHSA-2019:0420
- RHSA-2019:0832
- RHSA-2019:0832
- RHSA-2019:2699
- RHSA-2019:2699
- RHSA-2019:2978
- RHSA-2019:2978
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
- https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf
- https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf
- https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
- https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
- https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
- https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
- [debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update
- [debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update
- https://support.f5.com/csp/article/K22715344
- https://support.f5.com/csp/article/K22715344
- USN-3901-1
- USN-3901-1
- USN-3901-2
- USN-3901-2
- USN-3903-1
- USN-3903-1
- USN-3903-2
- USN-3903-2
- USN-3908-1
- USN-3908-1
- USN-3908-2
- USN-3908-2
- USN-3910-1
- USN-3910-1
- USN-3910-2
- USN-3910-2
- USN-3934-1
- USN-3934-1
- USN-3934-2
- USN-3934-2
Modified: 2025-04-03
CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html
- http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html
- http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html
- http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1961710
- https://bugzilla.redhat.com/show_bug.cgi?id=1961710
- https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
- https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
Closed bugs
Polkit не проверяет список групп пользователя, назначенныx через NSS.