Synopsis: Important: polkit security update
Advisory ID: SLSA-2013:1270-1
Issue Date: 2013-09-19
CVE Numbers: CVE-2013-4288
—
A race condition was found in the way the PolicyKit pkcheck utility
checked process authorization when the process was specified by its
process ID via the –process option. A local user could use this flaw to
bypass intended PolicyKit authorizations and escalate their privileges.
(CVE-2013-4288)
Note: Applications that invoke pkcheck with the –process option need to
be modified to use the pid,pid-start-time,uid argument for that option, to
allow pkcheck to check process authorization correctly.
The system must be rebooted for this update to take effect.
—
SL6
x86_64
polkit-0.96-5.el6_4.i686.rpm
polkit-0.96-5.el6_4.x86_64.rpm
polkit-debuginfo-0.96-5.el6_4.i686.rpm
polkit-debuginfo-0.96-5.el6_4.x86_64.rpm
polkit-devel-0.96-5.el6_4.i686.rpm
polkit-devel-0.96-5.el6_4.x86_64.rpm
polkit-docs-0.96-5.el6_4.x86_64.rpm
i386
polkit-0.96-5.el6_4.i686.rpm
polkit-debuginfo-0.96-5.el6_4.i686.rpm
polkit-devel-0.96-5.el6_4.i686.rpm
polkit-docs-0.96-5.el6_4.i686.rpm
noarch
polkit-desktop-policy-0.96-5.el6_4.noarch.rpm
– Scientific Linux Development Team
