[ubuntu/trusty-security] policykit-1 0.105-4ubuntu3.14.04.5 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Jan 16 12:55:02 UTC 2019


policykit-1 (0.105-4ubuntu3.14.04.5) trusty-security; urgency=medium

  * SECURITY UPDATE: authorization bypass with large uid
    - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
      PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
      src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
    - debian/patches/CVE-2018-19788-2.patch: add tests to
      test/data/etc/group, test/data/etc/passwd,
      test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
      test/polkitbackend/polkitbackendlocalauthoritytest.c.
    - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
      PolkitUnixProcess in src/polkit/polkitunixprocess.c.
    - CVE-2018-19788

Date: 2019-01-15 13:49:28.310066+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/policykit-1/0.105-4ubuntu3.14.04.5