Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for polkit

Polkit was updated to 0.113 to fix four security issues.

The following vulnerabilities were fixed:

* CVE-2015-4625: a local privilege escalation due to predictable authentication session cookie values. (boo#935119)
* CVE-2015-3256: various memory corruption vulnerabilities in use of the JavaScript interpreter, possibly leading to local privilege escalation. (boo#943816)
* CVE-2015-3255: a memory corruption vulnerability in handling duplicate action IDs, possibly leading to local privilege escalation. (boo#939246)
* CVE-2015-3218: Allowed any local user to crash polkitd. (boo#933922)

Fixed bugs
CVE-CVE-2015-4625
CVE-CVE-2015-3256
CVE-CVE-2015-3255
CVE-CVE-2015-3218
bnc#935119
VUL-1: CVE-2015-4625: polkit: cookie generation wrapping with 32bit counter
bnc#943816
VUL-0: CVE-2015-3256: polkit: Memory corruption via javascript rule evaluation
bnc#939246
VUL-0: CVE-2015-3255: polkit: Heap-corruption on duplicate ids
bnc#933922
VUL-1: CVE-2015-3218: polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent
Selected Binaries
openSUSE Build Service is sponsored by
Places