AXSA:2019-4123:04

Release date: Tuesday, August 20, 2019 - 01:58
Subject: polkit-0.112-22.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass (CVE-2018-19788)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-19788
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
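
A defender-side check for the condition named above, added here as an example and not part of the Asianux advisory: it lists accounts in passwd-format data whose uid is greater than INT_MAX (2147483647). The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag accounts whose uid is greater than INT_MAX, the
# precondition named in CVE-2018-19788. Function names are hypothetical.

INT_MAX=2147483647

# Read passwd-format lines (name:pw:uid:gid:gecos:home:shell) on stdin and
# print "name uid" for every entry whose uid is numeric and > INT_MAX.
find_high_uids() {
    awk -F: -v max="$INT_MAX" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        $3 !~ /^[0-9]+$/ { next }           # uid missing or not all digits
        ($3 + 0) > (max + 0) { print $1, $3 }
    '
}

# Audit the live system: getent covers local files plus NSS sources
# (LDAP, SSSD) when those sources allow enumeration.
audit_system() {
    hits=$(getent passwd | find_high_uids)
    if [ -n "$hits" ]; then
        printf 'accounts with uid > %s:\n%s\n' "$INT_MAX" "$hits"
        return 1
    fi
    printf 'no account with uid > %s\n' "$INT_MAX"
    return 0
}

# Constructed sample data (not from the advisory) used to exercise the parser.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
# service accounts
alice:x:1000:1000:Alice:/home/alice:/bin/bash
edge:x:2147483647:1000:exactly INT_MAX:/home/edge:/bin/bash
bigid:x:4000000000:4000000000:imported account:/home/bigid:/bin/bash
broken:x:notanumber:1:bad uid:/nonexistent:/sbin/nologin
EOF
}

# Run the live audit only when invoked with "audit" as the first argument.
if [ "${1:-}" = "audit" ]; then
    audit_system
fi
```

Run with `audit` as the first argument to check the live system; an exit status of 1 means at least one account has a uid above INT_MAX and should be reviewed alongside the package update.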

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. polkit-0.112-22.el7.src.rpm
    MD5: bcc3e1f47b0cc6406f705b2581e05b2c
    SHA-256: dd1407629a4f8908f37983f9593bf0e034c2fe5c7bb70e56129d9957b6de2cdf
    Size: 1.40 MB

Asianux Server 7 for x86_64
  1. polkit-0.112-22.el7.x86_64.rpm
    MD5: e8acb3858bd139a56ad7c594541408aa
    SHA-256: 23bc82c8ddecbea41eb5b5e1ac13241de82de98bf1bd3709da29b07466edb2ea
    Size: 168.54 kB
  2. polkit-devel-0.112-22.el7.x86_64.rpm
    MD5: c66def9c51bcc6ff7fc084c26dcf4105
    SHA-256: 3504cad9f90765e23d079ea03279d39e8484a8d186359506d04a05a40ec42bba
    Size: 41.90 kB
  3. polkit-docs-0.112-22.el7.noarch.rpm
    MD5: b7cf2bcc010f1fbdead421b20cf50749
    SHA-256: 4352c14e5abb58aef4e18ca3dc1fa90ebc2848e12f9d88fd024323b9edde7ae3
    Size: 250.12 kB
  4. polkit-0.112-22.el7.i686.rpm
    MD5: dbe6f7929561a7119c8c712a22fb0602
    SHA-256: 9349680f124c724952493b661f9e06cb1d99a7f64c9d7bb2eae4a26fba085c24
    Size: 167.50 kB
  5. polkit-devel-0.112-22.el7.i686.rpm
    MD5: a1663dfff12e6e34583af26de5eb0d77
    SHA-256: 5dac7e6eabf4bc0a57a3bfe4a062eee23a60709a109dd682a911ecf863563a79
    Size: 41.93 kB
Copyright© 2007-2015 Asianux. All rights reserved.