AVG-897

Package polkit
Status Fixed
Severity High
Type authentication bypass
Affected 0.115+24+g5230646-1
Fixed 0.116-1
Current 0.116-2 [extra]
Ticket FS#61751
Created Thu Feb 14 00:04:45 2019
Issue Severity Remote Type Description
CVE-2019-6133 High No Authentication bypass
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions...