UbuntuUpdates.org

Package "gir1.2-polkit-1.0"

Name: gir1.2-polkit-1.0

Description:

GObject introspection data for PolicyKit

Latest version: 0.105-26ubuntu1.3
Release: focal (20.04)
Level: security
Repository: main
Head package: policykit-1
Homepage: https://www.freedesktop.org/wiki/Software/polkit/

Links


Download "gir1.2-polkit-1.0"


Other versions of "gir1.2-polkit-1.0" in Focal

Repository Area Version
base main 0.105-26ubuntu1
updates main 0.105-26ubuntu1.3

Changelog

Version: 0.105-26ubuntu1.3 2022-02-28 14:07:12 UTC

  policykit-1 (0.105-26ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via file descriptor leak
    - debian/patches/CVE-2021-4115.patch: wait for both calls in
      src/polkit/polkitsystembusname.c.
    - CVE-2021-4115
  * debian/patches/CVE-2021-4034.patch: replaced with final upstream
    version.

 -- Marc Deslauriers <email address hidden> Mon, 21 Feb 2022 07:58:33 -0500

Source diff to previous version
CVE-2021-4115 There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threa
CVE-2021-4034 A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileg

Version: 0.105-26ubuntu1.2 2022-01-25 20:06:30 UTC

  policykit-1 (0.105-26ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: Local Privilege Escalation in pkexec
    - debian/patches/CVE-2021-4034.patch: properly handle command-line
      arguments in src/programs/pkcheck.c, src/programs/pkexec.c.
    - CVE-2021-4034

 -- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:33:38 -0500

Source diff to previous version

Version: 0.105-26ubuntu1.1 2021-06-03 12:06:21 UTC

  policykit-1 (0.105-26ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation using
    polkit_system_bus_name_get_creds_sync()
    - debian/patches/CVE-2021-3560.patch: use proper return code in
      src/polkit/polkitsystembusname.c.
    - CVE-2021-3560

 -- Marc Deslauriers <email address hidden> Wed, 26 May 2021 07:50:16 -0400

CVE-2021-3560 local privilege escalation using polkit_system_bus_name_get_creds_sync()



About   -   Send Feedback to @ubuntu_updates