UbuntuUpdates.org

Package "policykit-1"

Name: policykit-1

Description: framework for managing administrative policies and privileges

Latest version: 0.105-26ubuntu1.3
Release: focal (20.04)
Level: security
Repository: main
Homepage: https://www.freedesktop.org/wiki/Software/polkit/

Other versions of "policykit-1" in Focal

Repository  Area  Version
base        main  0.105-26ubuntu1
updates     main  0.105-26ubuntu1.3

Changelog

Version: 0.105-26ubuntu1.3 2022-02-28 14:07:12 UTC

  policykit-1 (0.105-26ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via file descriptor leak
    - debian/patches/CVE-2021-4115.patch: wait for both calls in
      src/polkit/polkitsystembusname.c.
    - CVE-2021-4115
  * debian/patches/CVE-2021-4034.patch: replaced with final upstream
    version.

 -- Marc Deslauriers <email address hidden> Mon, 21 Feb 2022 07:58:33 -0500

CVE-2021-4115 There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threa
CVE-2021-4034 A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileg

Version: 0.105-26ubuntu1.2 2022-01-25 20:06:30 UTC

  policykit-1 (0.105-26ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: Local Privilege Escalation in pkexec
    - debian/patches/CVE-2021-4034.patch: properly handle command-line
      arguments in src/programs/pkcheck.c, src/programs/pkexec.c.
    - CVE-2021-4034

 -- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:33:38 -0500

Version: 0.105-26ubuntu1.1 2021-06-03 12:06:21 UTC

  policykit-1 (0.105-26ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation using
    polkit_system_bus_name_get_creds_sync()
    - debian/patches/CVE-2021-3560.patch: use proper return code in
      src/polkit/polkitsystembusname.c.
    - CVE-2021-3560

 -- Marc Deslauriers <email address hidden> Wed, 26 May 2021 07:50:16 -0400

CVE-2021-3560 local privilege escalation using polkit_system_bus_name_get_creds_sync()


