polkit - Arch Linux

issues
advisories
todo
stats
log
login

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-897	0.115+24+g5230646-1	0.116-1	High	Fixed	FS#61751
AVG-828	0.115+3+g8638ec5-1	0.115+24+g5230646-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2019-6133	AVG-897	High	No	Authentication bypass	In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions...
CVE-2018-19788	AVG-828	High	No	Privilege escalation	A security issue has been found in polkit <= 0.115, where an unprivileged user with a UID > INT_MAX can successfully execute any systemctl command.

Issue

Group

Severity

Remote

Type

Description

CVE-2019-6133

AVG-897

High

Authentication bypass

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions...

CVE-2018-19788

AVG-828

High

Privilege escalation

A security issue has been found in polkit <= 0.115, where an unprivileged user with a UID > INT_MAX can successfully execute any systemctl command.

Advisories

Date	Advisory	Group	Severity	Description
08 Jan 2019	ASA-201901-2	AVG-828	High	privilege escalation