libpolkit0-0.113-3.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10436 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libpolkit0-0.113-3.4 on GA media These are all security issues fixed in the libpolkit0-0.113-3.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10436 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10436 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-0750/ SUSE CVE CVE-2010-0750 page https://www.suse.com/security/cve/CVE-2011-1485/ SUSE CVE CVE-2011-1485 page https://www.suse.com/security/cve/CVE-2013-4288/ SUSE CVE CVE-2013-4288 page https://www.suse.com/security/cve/CVE-2015-3218/ SUSE CVE CVE-2015-3218 page https://www.suse.com/security/cve/CVE-2015-3255/ SUSE CVE CVE-2015-3255 page https://www.suse.com/security/cve/CVE-2015-3256/ SUSE CVE CVE-2015-3256 page https://www.suse.com/security/cve/CVE-2015-4625/ SUSE CVE CVE-2015-4625 page openSUSE Tumbleweed libpolkit0-0.113-3.4 libpolkit0-32bit-0.113-3.4 polkit-0.113-3.4 polkit-devel-0.113-3.4 polkit-doc-0.113-3.4 typelib-1_0-Polkit-1_0-0.113-3.4 libpolkit0-0.113-3.4 as a component of openSUSE Tumbleweed libpolkit0-32bit-0.113-3.4 as a component of openSUSE Tumbleweed polkit-0.113-3.4 as a component of openSUSE Tumbleweed polkit-devel-0.113-3.4 as a component of openSUSE Tumbleweed polkit-doc-0.113-3.4 as a component of openSUSE Tumbleweed typelib-1_0-Polkit-1_0-0.113-3.4 as a component of openSUSE Tumbleweed pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument. CVE-2010-0750 openSUSE Tumbleweed:libpolkit0-0.113-3.4 openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4 openSUSE Tumbleweed:polkit-0.113-3.4 openSUSE Tumbleweed:polkit-devel-0.113-3.4 openSUSE Tumbleweed:polkit-doc-0.113-3.4 openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0750.html CVE-2010-0750 https://bugzilla.suse.com/593959 SUSE Bug 593959 Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID. CVE-2011-1485 openSUSE Tumbleweed:libpolkit0-0.113-3.4 openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4 openSUSE Tumbleweed:polkit-0.113-3.4 openSUSE Tumbleweed:polkit-devel-0.113-3.4 openSUSE Tumbleweed:polkit-doc-0.113-3.4 openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1485.html CVE-2011-1485 https://bugzilla.suse.com/1032717 SUSE Bug 1032717 https://bugzilla.suse.com/688788 SUSE Bug 688788 Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck. CVE-2013-4288 openSUSE Tumbleweed:libpolkit0-0.113-3.4 openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4 openSUSE Tumbleweed:polkit-0.113-3.4 openSUSE Tumbleweed:polkit-devel-0.113-3.4 openSUSE Tumbleweed:polkit-doc-0.113-3.4 openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4288.html CVE-2013-4288 https://bugzilla.suse.com/1070943 SUSE Bug 1070943 https://bugzilla.suse.com/1099031 SUSE Bug 1099031 https://bugzilla.suse.com/835827 SUSE Bug 835827 https://bugzilla.suse.com/836931 SUSE Bug 836931 https://bugzilla.suse.com/836932 SUSE Bug 836932 https://bugzilla.suse.com/836937 SUSE Bug 836937 https://bugzilla.suse.com/836939 SUSE Bug 836939 https://bugzilla.suse.com/844967 SUSE Bug 844967 https://bugzilla.suse.com/852368 SUSE Bug 852368 https://bugzilla.suse.com/854144 SUSE Bug 854144 https://bugzilla.suse.com/864716 SUSE Bug 864716 The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. CVE-2015-3218 openSUSE Tumbleweed:libpolkit0-0.113-3.4 openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4 openSUSE Tumbleweed:polkit-0.113-3.4 openSUSE Tumbleweed:polkit-devel-0.113-3.4 openSUSE Tumbleweed:polkit-doc-0.113-3.4 openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3218.html CVE-2015-3218 https://bugzilla.suse.com/933922 SUSE Bug 933922 https://bugzilla.suse.com/943816 SUSE Bug 943816 The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. CVE-2015-3255 openSUSE Tumbleweed:libpolkit0-0.113-3.4 openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4 openSUSE Tumbleweed:polkit-0.113-3.4 openSUSE Tumbleweed:polkit-devel-0.113-3.4 openSUSE Tumbleweed:polkit-doc-0.113-3.4 openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3255.html CVE-2015-3255 https://bugzilla.suse.com/939246 SUSE Bug 939246 https://bugzilla.suse.com/943816 SUSE Bug 943816 PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation." CVE-2015-3256 openSUSE Tumbleweed:libpolkit0-0.113-3.4 openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4 openSUSE Tumbleweed:polkit-0.113-3.4 openSUSE Tumbleweed:polkit-devel-0.113-3.4 openSUSE Tumbleweed:polkit-doc-0.113-3.4 openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3256.html CVE-2015-3256 https://bugzilla.suse.com/943816 SUSE Bug 943816 Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. CVE-2015-4625 openSUSE Tumbleweed:libpolkit0-0.113-3.4 openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4 openSUSE Tumbleweed:polkit-0.113-3.4 openSUSE Tumbleweed:polkit-devel-0.113-3.4 openSUSE Tumbleweed:polkit-doc-0.113-3.4 openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4625.html CVE-2015-4625 https://bugzilla.suse.com/935119 SUSE Bug 935119 https://bugzilla.suse.com/943816 SUSE Bug 943816