polkit

Description: Application development toolkit for controlling system-wide privileges
Version: 0.116-1 [extra]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-897 | 0.115+24+g5230646-1 | | High | Vulnerable | FS#61751 |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-6133 | AVG-897 | High | No | Authentication bypass | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions... |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-828 | 0.115+3+g8638ec5-1 | 0.115+24+g5230646-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-19788 | AVG-828 | High | No | Privilege escalation | A security issue has been found in polkit <= 0.115, where an unprivileged user with a UID > INT_MAX can successfully execute any systemctl command. |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 08 Jan 2019 | ASA-201901-2 | AVG-828 | High | privilege escalation |