Joined: 12 May 2004
|Posted: Tue Nov 15, 2016 9:26 am Post subject: [ GLSA 201611-07 ] polkit
|Gentoo Linux Security Advisory
Title: polkit: Heap-corruption on duplicate IDs (GLSA 201611-07)
Date: November 15, 2016
polkit is vulnerable to local privilege escalation.
polkit is a toolkit for managing policies relating to unprivileged
processes communicating with privileged processes.
Vulnerable: < 0.113
Unaffected: >= 0.113
Architectures: All supported architectures
A vulnerability was discovered in polkit’s
polkit_backend_action_pool_init function due to duplicate action IDs in
Local attackers are able to gain unauthorized privileges on the system.
There is no known workaround at this time.
All polkit users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.113"