polkit

Description: Application development toolkit for controlling system-wide privileges
Version: 0.120-3 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2028 | 0.118-1 | 0.119-1 | Medium | Fixed | |
| AVG-897 | 0.115+24+g5230646-1 | 0.116-1 | High | Fixed | FS#61751 |
| AVG-828 | 0.115+3+g8638ec5-1 | 0.115+24+g5230646-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3560 | AVG-2028 | Medium | No | Privilege escalation | A security issue was found in polkit before version 0.119. When a requesting process disconnects from dbus-daemon just before the call to... |
| CVE-2019-6133 | AVG-897 | High | No | Authentication bypass | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions... |
| CVE-2018-19788 | AVG-828 | High | No | Privilege escalation | A security issue has been found in polkit <= 0.115, where an unprivileged user with a UID > INT_MAX can successfully execute any systemctl command. |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 09 Jun 2021 | ASA-202106-24 | AVG-2028 | Medium | privilege escalation |
| 08 Jan 2019 | ASA-201901-2 | AVG-828 | High | privilege escalation |