polkit

Description: Application development toolkit for controlling system-wide privileges
Version: 0.116-3 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-897 | 0.115+24+g5230646-1 | 0.116-1 | High | Fixed | FS#61751 |
| AVG-828 | 0.115+3+g8638ec5-1 | 0.115+24+g5230646-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-6133 | AVG-897 | High | No | Authentication bypass | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions... |
| CVE-2018-19788 | AVG-828 | High | No | Privilege escalation | A security issue has been found in polkit <= 0.115, where an unprivileged user with a UID > INT_MAX can successfully execute any systemctl command. |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 08 Jan 2019 | ASA-201901-2 | AVG-828 | High | privilege escalation |