Re: [SECURITY] [DLA 1644-1] policykit-1 security update

Mon, 28 Jan 2019 05:27:27 -0800 

Thank you

Le Lun 28 Jan 2019 14:05, Emilio Pozuelo Monfort <po...@debian.org> a
écrit :

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Package        : policykit-1
> Version        : 0.105-15~deb8u4
> CVE ID         : CVE-2018-19788 CVE-2019-6133
>
> Two vulnerabilities were found in Policykit, a framework for managing
> administrative policies and privileges:
>
> CVE-2018-19788
>
>     It was discovered that incorrect processing of very high UIDs in
>     Policykit could result in authentication bypass.
>
> CVE-2019-6133
>
>     Jann Horn of Google found that Policykit doesn't properly check
>     if a process is already authenticated, which can lead to an
>     authentication reuse by a different user.
>
> For Debian 8 "Jessie", these problems have been fixed in version
> 0.105-15~deb8u4.
>
> We recommend that you upgrade your policykit-1 packages.
>
> Further information about Debian LTS security advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://wiki.debian.org/LTS
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlxO/fwACgkQnUbEiOQ2
> gwJcUg//fmu03pDkHkhW6dXIDiMsdBhP/17aVNQqgo+SRUKeHVE4WG1V4pP34cs6
> gYyk38oS6NOIEZ2gs0uOeXmvupuFnf56bhIX4ZN2ndRoLep1pC2e3nHbmrG1Ivrd
> v16EkxCqerOjSizPlo03MzzgJg3e0745o1StObNEdbk2PHJ8rahc7D9ZaaGO/2Zq
> apoP0byB6unsnTTW6UVke4ou1c/OY1B7E7ZGtbdPEcZyheM89m5Hu2GODb7xqwIx
> GRSFa7s56ulKLfiDaFW5P0+PSg0RGqZm8W/kxOK+Ku4Q6LF352K7rOSWBHF+z0pz
> JUDmZbcZ570VmyfFy7pwRkO2RSr78WI4BIfIlBEMvw0fPzgRbVPegcbF9aJVJU+r
> PjRK05P3fLC6odl7aAupSv4M/SN/K+nxw0rUr95JHa/XQTfx7djHDhh7WodpI1bt
> fNCyr1Lew7A3351GJU5Y4vcrs/GGyHSS6yL/+x+kD4jKFGYw7vCYFEWL+m1pHg3Y
> jcTyvRopkuffZ7wv7nWPbyaf3uOYr1qb9DFqS+HkmV2qMIxdkO5wbE9+jvie6Gsu
> q8neH1Q5gGpRDq3C6nkWHlDnIAuS7tQEnnBpRhu0lPaYSO5CECH6d/NaFQw0Dyal
> abwI1rSiOeDOWReoSF62Fy+hIIY4GV1pinaV+hSHjyj/Wydw4/I=
> =APCW
> -----END PGP SIGNATURE-----
>
>

Reply via email to