UbuntuUpdates.org

Package "policykit-1"

Name: policykit-1

Description: framework for managing administrative policies and privileges

Latest version: 0.105-20ubuntu0.18.04.6
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: https://www.freedesktop.org/wiki/Software/polkit/

Other versions of "policykit-1" in Bionic

Repository Area Version
base main 0.105-20
security main 0.105-20ubuntu0.18.04.6

Changelog

Version: 0.105-20ubuntu0.18.04.6 2022-01-25 21:06:24 UTC

  policykit-1 (0.105-20ubuntu0.18.04.6) bionic-security; urgency=medium

  * SECURITY UPDATE: Local Privilege Escalation in pkexec
    - debian/patches/CVE-2021-4034.patch: properly handle command-line
      arguments in src/programs/pkcheck.c, src/programs/pkexec.c.
    - CVE-2021-4034

 -- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:34:00 -0500

Version: 0.105-20ubuntu0.18.04.5 2019-04-03 14:06:40 UTC

  policykit-1 (0.105-20ubuntu0.18.04.5) bionic-security; urgency=medium

  * SECURITY UPDATE: start time protection mechanism bypass
    - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
      for temporary authorizations in src/polkit/polkitsubject.c,
      src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2019-6133

 -- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:57:02 -0400

CVE-2019-6133 In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization deci

Version: 0.105-20ubuntu0.18.04.4 2019-01-16 15:06:36 UTC

  policykit-1 (0.105-20ubuntu0.18.04.4) bionic-security; urgency=medium

  * SECURITY UPDATE: authorization bypass with large uid
    - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
      PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
      src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
    - debian/patches/CVE-2018-19788-2.patch: add tests to
      test/data/etc/group, test/data/etc/passwd,
      test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
      test/polkitbackend/polkitbackendlocalauthoritytest.c.
    - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
      PolkitUnixProcess in src/polkit/polkitunixprocess.c.
    - CVE-2018-19788

 -- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:18:22 -0500

CVE-2018-19788 A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

Version: 0.105-20ubuntu0.18.04.1 2018-07-16 18:06:51 UTC

  policykit-1 (0.105-20ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS and information disclosure
    - debian/patches/CVE-2018-1116.patch: properly check UID in
      src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c,
      src/polkitbackend/polkitbackendsessionmonitor-systemd.c,
      src/polkitbackend/polkitbackendsessionmonitor.c,
      src/polkitbackend/polkitbackendsessionmonitor.h.
    - debian/libpolkit-gobject-1-0.symbols: updated for new private symbol.
    - CVE-2018-1116

 -- Marc Deslauriers <email address hidden> Fri, 13 Jul 2018 07:42:06 -0400

CVE-2018-1116 A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polki


