You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa polkit

Sigurnosni nedostaci programskog paketa polkit

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: polkit security update
Advisory ID: RHSA-2019:2978-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2978
Issue date: 2019-10-08
CVE Names: CVE-2019-6133
=====================================================================

1. Summary:

An update for polkit is now available for Red Hat Enterprise Linux 7.5
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.5) – x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) – noarch, x86_64
Red Hat Enterprise Linux Server EUS (v. 7.5) – noarch, ppc64, ppc64le, s390x, x86_64

3. Description:

The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Temporary auth hijacking via PID reuse and non-atomic fork
(CVE-2019-6133)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1664212 – CVE-2019-6133 polkit: Temporary auth hijacking via PID reuse and non-atomic fork

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.5):

Source:
polkit-0.112-14.el7_5.1.src.rpm

x86_64:
polkit-0.112-14.el7_5.1.i686.rpm
polkit-0.112-14.el7_5.1.x86_64.rpm
polkit-debuginfo-0.112-14.el7_5.1.i686.rpm
polkit-debuginfo-0.112-14.el7_5.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5):

noarch:
polkit-docs-0.112-14.el7_5.1.noarch.rpm

x86_64:
polkit-debuginfo-0.112-14.el7_5.1.i686.rpm
polkit-debuginfo-0.112-14.el7_5.1.x86_64.rpm
polkit-devel-0.112-14.el7_5.1.i686.rpm
polkit-devel-0.112-14.el7_5.1.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
polkit-0.112-14.el7_5.1.src.rpm

noarch:
polkit-docs-0.112-14.el7_5.1.noarch.rpm

ppc64:
polkit-0.112-14.el7_5.1.ppc.rpm
polkit-0.112-14.el7_5.1.ppc64.rpm
polkit-debuginfo-0.112-14.el7_5.1.ppc.rpm
polkit-debuginfo-0.112-14.el7_5.1.ppc64.rpm
polkit-devel-0.112-14.el7_5.1.ppc.rpm
polkit-devel-0.112-14.el7_5.1.ppc64.rpm

ppc64le:
polkit-0.112-14.el7_5.1.ppc64le.rpm
polkit-debuginfo-0.112-14.el7_5.1.ppc64le.rpm
polkit-devel-0.112-14.el7_5.1.ppc64le.rpm

s390x:
polkit-0.112-14.el7_5.1.s390.rpm
polkit-0.112-14.el7_5.1.s390x.rpm
polkit-debuginfo-0.112-14.el7_5.1.s390.rpm
polkit-debuginfo-0.112-14.el7_5.1.s390x.rpm
polkit-devel-0.112-14.el7_5.1.s390.rpm
polkit-devel-0.112-14.el7_5.1.s390x.rpm

x86_64:
polkit-0.112-14.el7_5.1.i686.rpm
polkit-0.112-14.el7_5.1.x86_64.rpm
polkit-debuginfo-0.112-14.el7_5.1.i686.rpm
polkit-debuginfo-0.112-14.el7_5.1.x86_64.rpm
polkit-devel-0.112-14.el7_5.1.i686.rpm
polkit-devel-0.112-14.el7_5.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-6133
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXZxesdzjgjWX9erEAQjCaA/7BDsSY8DiXFS1UaXFFsT7ja4soALuUFBD
e08j1NtckbxIcZKHEys6kE+XdktQ2sQu6D+53aygTFmVEq12NYSgoFU37opKYTGL
UcwUKMPCThE3wNl4rBjYdtotv6SDn0U7+31LFQVKi31jqqR7HYbUzxdUnJ/oy8uJ
N62IFcCB8PYeHa7RPy7whUwMAwEW/DrFr+rjioMokjp1/LK3xaqCoU0hyVqQtRXn
n/9xKkiJxXiRUDI5/ml1oLwMRHO1C5IZanykz4CXwXnx2bepSLePxgOJuN62MGHV
7ZYFRE8Byk5CqM+mM2PDCOBNWBJhxbyJmZDXn6kQQEoBiUGGJAXaZ1ocmZymNfxn
pLd66IeehFsUR2v95yl89mOXOfFZpLY4IaxA4HkNLa9EA9913YXA9mnfaEE2x7Cx
+U0wxm8YmhI6rJw4Lr+BPaRdrMwm8UQu0ItlJkJhNNKZWLqzJHAyof1kL0gMe0IZ
ti6wyWFRCx2jDIQJI1oZ4ZMfmG4mHzNpuT06hicc/Mu4Hkdf4DcSRl/RHIqQW9SZ
1LnVzf8MlMNopRfb/wBUlKpuUDNUUbVEnVulgFA9sze5v6gQ7w/s8a09uv07lJcr
OEfd1Kaial3CI5ot4/w5KzGg+8DGm+4Ot+bYidPTnkduL5pqhJwHim0yYBmlMrmc
lu2LpoZDn5E=
=c3fn
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava RHEL. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju otkrivanje osjetljivih informacija ili zaobilaženje sigurnosnih...

Close