File _patchinfo of Package patchinfo.4074

<patchinfo incident="4074">
  <packager>AndreasStieger</packager>
  <issue tracker="cve" id="CVE-2015-4625"></issue>
  <issue tracker="cve" id="CVE-2015-3256"></issue>
  <issue tracker="cve" id="CVE-2015-3255"></issue>
  <issue tracker="cve" id="CVE-2015-3218"></issue>
  <issue tracker="bnc" id="935119">VUL-1: CVE-2015-4625: polkit: cookie generation wrapping with 32bit counter</issue>
  <issue tracker="bnc" id="943816">VUL-0: CVE-2015-3256: polkit: Memory corruption via javascript rule evaluation</issue>
  <issue tracker="bnc" id="939246">VUL-0: CVE-2015-3255: polkit: Heap-corruption on duplicate ids</issue>
  <issue tracker="bnc" id="933922">VUL-1: CVE-2015-3218: polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for polkit</summary>
  <description>Polkit was updated to 0.113 to fix four security issues.

The following vulnerabilities were fixed:

* CVE-2015-4625: a local privilege escalation due to predictable authentication session cookie values. (boo#935119)
* CVE-2015-3256: various memory corruption vulnerabilities in use of the JavaScript interpreter, possibly leading to local privilege escalation. (boo#943816)
* CVE-2015-3255: a memory corruption vulnerability in handling duplicate action IDs, possibly leading to local privilege escalation. (boo#939246)
* CVE-2015-3218: Allowed any local user to crash polkitd. (boo#933922)</description>
</patchinfo>