Security update for polkit
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2015:1838-1
Final
1
1
2015-10-22T07:44:28Z
current
2015-10-22T07:44:28Z
2015-10-22T07:44:28Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for polkit
polkit was updated to the 0.113 release, fixing security issues and bugs.
Security issues fixed:
* Fixes CVE-2015-4625, a local privilege escalation due to predictable
authentication session cookie values. Thanks to Tavis Ormandy, Google Project
Zero for reporting this issue. For the future, authentication agents are
encouraged to use PolkitAgentSession instead of using the D-Bus agent response
API directly. (bsc#935119)
* Fixes CVE-2015-3256, various memory corruption vulnerabilities in use of the
JavaScript interpreter, possibly leading to local privilege escalation.
(bsc#943816)
* Fixes CVE-2015-3255, a memory corruption vulnerability in handling duplicate
action IDs, possibly leading to local privilege escalation. Thanks to
Laurent Bigonville for reporting this issue. (bsc#939246)
* Fixes CVE-2015-3218, which allowed any local user to crash polkitd. Thanks to
Tavis Ormandy, Google Project Zero, for reporting this issue. (bsc#933922)
Other issues fixed:
* On systemd-213 and later, the 'active' state is shared across all sessions of
an user, instead of being tracked separately.
* pkexec, when not given a program to execute, runs the users shell by
default.
* Fixed shutdown problems on powerpc64le (bsc#950114)
* polkit had a memory leak (bsc#912889)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-DESKTOP-12-2015-759,SUSE-SLE-SDK-12-2015-759,SUSE-SLE-SERVER-12-2015-759,SUSE-SLE-WE-12-2015-759
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2015/suse-su-20151838-1/
Link for SUSE-SU-2015:1838-1
https://lists.suse.com/pipermail/sle-security-updates/2015-October/001649.html
E-Mail link for SUSE-SU-2015:1838-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/912889
SUSE Bug 912889
https://bugzilla.suse.com/933922
SUSE Bug 933922
https://bugzilla.suse.com/935119
SUSE Bug 935119
https://bugzilla.suse.com/939246
SUSE Bug 939246
https://bugzilla.suse.com/943816
SUSE Bug 943816
https://bugzilla.suse.com/950114
SUSE Bug 950114
https://www.suse.com/security/cve/CVE-2015-3218/
SUSE CVE CVE-2015-3218 page
https://www.suse.com/security/cve/CVE-2015-3255/
SUSE CVE CVE-2015-3255 page
https://www.suse.com/security/cve/CVE-2015-3256/
SUSE CVE CVE-2015-3256 page
https://www.suse.com/security/cve/CVE-2015-4625/
SUSE CVE CVE-2015-4625 page
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Workstation Extension 12
libpolkit0-0.113-4.1
libpolkit0-32bit-0.113-4.1
polkit-0.113-4.1
typelib-1_0-Polkit-1_0-0.113-4.1
polkit-devel-0.113-4.1
libpolkit0-0.113-4.1 as a component of SUSE Linux Enterprise Desktop 12
libpolkit0-32bit-0.113-4.1 as a component of SUSE Linux Enterprise Desktop 12
polkit-0.113-4.1 as a component of SUSE Linux Enterprise Desktop 12
typelib-1_0-Polkit-1_0-0.113-4.1 as a component of SUSE Linux Enterprise Desktop 12
libpolkit0-0.113-4.1 as a component of SUSE Linux Enterprise Server 12
polkit-0.113-4.1 as a component of SUSE Linux Enterprise Server 12
typelib-1_0-Polkit-1_0-0.113-4.1 as a component of SUSE Linux Enterprise Server 12
libpolkit0-0.113-4.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
polkit-0.113-4.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
typelib-1_0-Polkit-1_0-0.113-4.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
polkit-devel-0.113-4.1 as a component of SUSE Linux Enterprise Software Development Kit 12
libpolkit0-32bit-0.113-4.1 as a component of SUSE Linux Enterprise Workstation Extension 12
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
CVE-2015-3218
SUSE Linux Enterprise Desktop 12:libpolkit0-0.113-4.1
SUSE Linux Enterprise Desktop 12:libpolkit0-32bit-0.113-4.1
SUSE Linux Enterprise Desktop 12:polkit-0.113-4.1
SUSE Linux Enterprise Desktop 12:typelib-1_0-Polkit-1_0-0.113-4.1
SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1
SUSE Linux Enterprise Server 12:polkit-0.113-4.1
SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1
SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1
SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1
SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1
SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1
SUSE Linux Enterprise Workstation Extension 12:libpolkit0-32bit-0.113-4.1
moderate
4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20151838-1/
https://www.suse.com/security/cve/CVE-2015-3218.html
CVE-2015-3218
https://bugzilla.suse.com/933922
SUSE Bug 933922
https://bugzilla.suse.com/943816
SUSE Bug 943816
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
CVE-2015-3255
SUSE Linux Enterprise Desktop 12:libpolkit0-0.113-4.1
SUSE Linux Enterprise Desktop 12:libpolkit0-32bit-0.113-4.1
SUSE Linux Enterprise Desktop 12:polkit-0.113-4.1
SUSE Linux Enterprise Desktop 12:typelib-1_0-Polkit-1_0-0.113-4.1
SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1
SUSE Linux Enterprise Server 12:polkit-0.113-4.1
SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1
SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1
SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1
SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1
SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1
SUSE Linux Enterprise Workstation Extension 12:libpolkit0-32bit-0.113-4.1
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20151838-1/
https://www.suse.com/security/cve/CVE-2015-3255.html
CVE-2015-3255
https://bugzilla.suse.com/939246
SUSE Bug 939246
https://bugzilla.suse.com/943816
SUSE Bug 943816
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
CVE-2015-3256
SUSE Linux Enterprise Desktop 12:libpolkit0-0.113-4.1
SUSE Linux Enterprise Desktop 12:libpolkit0-32bit-0.113-4.1
SUSE Linux Enterprise Desktop 12:polkit-0.113-4.1
SUSE Linux Enterprise Desktop 12:typelib-1_0-Polkit-1_0-0.113-4.1
SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1
SUSE Linux Enterprise Server 12:polkit-0.113-4.1
SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1
SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1
SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1
SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1
SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1
SUSE Linux Enterprise Workstation Extension 12:libpolkit0-32bit-0.113-4.1
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20151838-1/
https://www.suse.com/security/cve/CVE-2015-3256.html
CVE-2015-3256
https://bugzilla.suse.com/943816
SUSE Bug 943816
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
CVE-2015-4625
SUSE Linux Enterprise Desktop 12:libpolkit0-0.113-4.1
SUSE Linux Enterprise Desktop 12:libpolkit0-32bit-0.113-4.1
SUSE Linux Enterprise Desktop 12:polkit-0.113-4.1
SUSE Linux Enterprise Desktop 12:typelib-1_0-Polkit-1_0-0.113-4.1
SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1
SUSE Linux Enterprise Server 12:polkit-0.113-4.1
SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1
SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1
SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1
SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1
SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1
SUSE Linux Enterprise Workstation Extension 12:libpolkit0-32bit-0.113-4.1
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20151838-1/
https://www.suse.com/security/cve/CVE-2015-4625.html
CVE-2015-4625
https://bugzilla.suse.com/935119
SUSE Bug 935119
https://bugzilla.suse.com/943816
SUSE Bug 943816