AXSA:2019-4123:04

Release date: 
Tuesday, August 20, 2019 - 01:58
Subject: 
polkit-0.112-22.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass (CVE-2018-19788)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-19788
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
1. polkit-0.112-22.el7.src.rpm
md5sum: bcc3e1f47b0cc6406f705b2581e05b2c
sha256sum: dd1407629a4f8908f37983f9593bf0e034c2fe5c7bb70e56129d9957b6de2cdf
Size: 1,436 Kb

Asianux Server 7.0 for x86_64
1. polkit-0.112-22.el7.x86_64.rpm
md5sum: e8acb3858bd139a56ad7c594541408aa
sha256sum: 23bc82c8ddecbea41eb5b5e1ac13241de82de98bf1bd3709da29b07466edb2ea
Size: 169 Kb
2. polkit-devel-0.112-22.el7.x86_64.rpm
md5sum: c66def9c51bcc6ff7fc084c26dcf4105
sha256sum: 3504cad9f90765e23d079ea03279d39e8484a8d186359506d04a05a40ec42bba
Size: 42 Kb
3. polkit-docs-0.112-22.el7.noarch.rpm
md5sum: b7cf2bcc010f1fbdead421b20cf50749
sha256sum: 4352c14e5abb58aef4e18ca3dc1fa90ebc2848e12f9d88fd024323b9edde7ae3
Size: 250 Kb
4. polkit-0.112-22.el7.i686.rpm
md5sum: dbe6f7929561a7119c8c712a22fb0602
sha256sum: 9349680f124c724952493b661f9e06cb1d99a7f64c9d7bb2eae4a26fba085c24
Size: 168 Kb
5. polkit-devel-0.112-22.el7.i686.rpm
md5sum: a1663dfff12e6e34583af26de5eb0d77
sha256sum: 5dac7e6eabf4bc0a57a3bfe4a062eee23a60709a109dd682a911ecf863563a79
Size: 42 Kb
Copyright© 2007-2015 Asianux. All rights reserved.