polkit-0.112-18.el7.1
エラータID: AXSA:2019-3762:02
Release date:
Wednesday, April 3, 2019 - 10:42
Subject:
polkit-0.112-18.el7.1
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- PolicyKitには、fork関数がアトミックでないため、開始時の保護機構がバイパスでき、
認証判定が不適切にキャッシュされる脆弱性があります。(CVE-2019-6133)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
Solution:
パッケージをアップデートしてください。
CVEs:
CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
Additional Info:
N/A
Download:
SRPMS
- polkit-0.112-18.el7.1.src.rpm
MD5: 0bfba5fce22357721ed9483f0a037316
SHA-256: 784c92737495a6868284ae628f8e1f2c5d88f9d9201e8da28d59164024991d0a
Size: 1.40 MB
Asianux Server 7 for x86_64
- polkit-0.112-18.el7.1.x86_64.rpm
MD5: e13fd374d52d85caa3fef00dd0eb9023
SHA-256: d5ea9c720c46c2f8d73ed4c6df8469ada3f198c6971f18c709895d75048a6365
Size: 167.28 kB - polkit-devel-0.112-18.el7.1.x86_64.rpm
MD5: 9b06203829122269920adeb32505a699
SHA-256: 0b4cfdb8938f4362c78b0cc629a19fde451c19625ac7bb8fa4d7082bec240f11
Size: 41.54 kB - polkit-docs-0.112-18.el7.1.noarch.rpm
MD5: 42cda2ec644dfcd1272726af45b6270a
SHA-256: 5d77ba0d0dd562649255448b22b0c0f0df5277fc70f34ea52d3355aeac69b48e
Size: 249.76 kB - polkit-0.112-18.el7.1.i686.rpm
MD5: ee7cbdd320b2ddf8d5d27d7c460d1c6a
SHA-256: 05e1c64b97c9275c4a8046185389ad6352da23e4b6324e98071942505614a857
Size: 166.36 kB - polkit-devel-0.112-18.el7.1.i686.rpm
MD5: dc9db3a4b03cf0ba36782352f4ebc30a
SHA-256: aa1c9de1630a44f6ea2b84e82c03a8c93d3ffe8ce09f2d99cc5aa667066bcda7
Size: 41.57 kB