Red Hat Security Advisory 2019-2978-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. An auth hijacking issue has been addressed.
1d5c2956e676d04d3d4761fe7164c641c826acf901393e347da3b6e20abcacc2Red Hat Security Advisory 2019-2699-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. An auth hijacking vulnerability was addressed.
73dd0a18d9b6ea7520d4770594898e10423d6fb99564f7439d54c051932c5a09Ubuntu Security Notice 3934-2 - USN-3934-1 fixed a vulnerability in Policykit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations. Various other issues were also addressed.
13db2b49515621a4f2d04fc157919dafa07b9c4e91f83f5c1eb644a170dc9033Red Hat Security Advisory 2019-0832-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.
ef2cb7fdf777aebe2200db16bd613188acc9f2418c1afa6e9bd5772d57d56bcbUbuntu Security Notice 3934-1 - It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations.
c8d204f7fe9cea49ee5d807afdb6f7cdfa086127bccf23406e8c8a76fc5ec584Ubuntu Security Notice 3910-1 - It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps. Various other issues were also addressed.
157257d2d3ba9f076315aac9237850d45c69fad3745870c2d67f133d0c0a2253Ubuntu Security Notice 3910-2 - USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. Various other issues were also addressed.
e97a82abb1cfd336c59f8d5882e95ee4ac60646c17cd5c1f91a2a91e88f079f0Ubuntu Security Notice 3908-2 - USN-3908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. Various other issues were also addressed.
cd355e52a9ac1d0dd8d224b975200733feb1d18ffeb317d9897cb4ec40c38fc4Ubuntu Security Notice 3908-1 - Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations.
023d1e358ad840166c4cd8f953f17797e904596a1e9445469abd9820bf705639Ubuntu Security Notice 3903-2 - USN-3903-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service or possibly execute arbitrary code in the host kernel. Various other issues were also addressed.
afcaa009d7d28d01ca610ca75faf61e90bc402ea1bad246d79cf7dca496c6849Ubuntu Security Notice 3903-1 - Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service or possibly execute arbitrary code in the host kernel. Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. Various other issues were also addressed.
73c11215ef38f1741368473e63e13f27c7a6aeadf7ef9a8536e6a489ec56ddf7Ubuntu Security Notice 3901-2 - USN-3901-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. Various other issues were also addressed.
c25a324edcfdb0698186cf0255921ec343ba3bedda004de93b2622c9d0166073Ubuntu Security Notice 3901-1 - Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
2733d1718525888590b59662b23b1cc1de9b8d11aba8290d25b543ffd636e966Red Hat Security Advisory 2019-0420-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.
9d215922debd8fb7cdfec01420ddbc6e0b621cb31a7eaaea23b02be171fb8e8dRed Hat Security Advisory 2019-0230-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.
89f54c45c0df7d5be2075a39c847c14e324c0916fb43ec12e92c80dcf55244aa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed