polkit - Arch Linux
Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2028 | 0.118-1 | 0.119-1 | Medium | Fixed | |
| AVG-897 | 0.115+24+g5230646-1 | 0.116-1 | High | Fixed | FS#61751 |
| AVG-828 | 0.115+3+g8638ec5-1 | 0.115+24+g5230646-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3560 | AVG-2028 | Medium | No | Privilege escalation | A security issue was found in polkit before version 0.119. When a requesting process disconnects from dbus-daemon just before the call to... |
| CVE-2019-6133 | AVG-897 | High | No | Authentication bypass | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions... |
| CVE-2018-19788 | AVG-828 | High | No | Privilege escalation | A security issue has been found in polkit <= 0.115, where an unprivileged user with a UID > INT_MAX can successfully execute any systemctl command. |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 09 Jun 2021 | ASA-202106-24 | AVG-2028 | Medium | privilege escalation |
| 08 Jan 2019 | ASA-201901-2 | AVG-828 | High | privilege escalation |