Ubuntu
policykit-1 package

policykit-1 0.105-4ubuntu3.14.04.2 source package in Ubuntu

Changelog

policykit-1 (0.105-4ubuntu3.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via invalid object path
    - debian/patches/CVE-2015-3218.patch: handle invalid object paths in
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2015-3218
  * SECURITY UPDATE: privilege escalation via duplicate action IDs
    - debian/patches/CVE-2015-3255.patch: fix GHashTable usage in
      src/polkitbackend/polkitbackendactionpool.c.
    - CVE-2015-3255
  * SECURITY UPDATE: privilege escalation via duplicate cookie values
    - debian/patches/CVE-2015-4625-1.patch: use unpredictable cookie values
      in configure.ac, src/polkitagent/polkitagenthelper-pam.c,
      src/polkitagent/polkitagenthelper-shadow.c,
      src/polkitagent/polkitagenthelperprivate.c,
      src/polkitagent/polkitagenthelperprivate.h,
      src/polkitagent/polkitagentsession.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - debian/patches/CVE-2015-4625-2.patch: bind use of cookies to specific
      uids in data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
      data/org.freedesktop.PolicyKit1.Authority.xml,
      docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml,
      docs/polkit/overview.xml, src/polkit/polkitauthority.c,
      src/polkitbackend/polkitbackendauthority.c,
      src/polkitbackend/polkitbackendauthority.h,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - debian/patches/CVE-2015-4625-3.patch: update docs in
      data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
      data/org.freedesktop.PolicyKit1.Authority.xml,
      docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
      docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml,
      docs/polkit/overview.xml, src/polkit/polkitauthority.c,
      src/polkitagent/polkitagentlistener.c,
      src/polkitbackend/polkitbackendauthority.c.
    - CVE-2015-4625
  * SECURITY UPDATE: DoS and information disclosure
    - debian/patches/CVE-2018-1116.patch: properly check UID in
      src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c,
      src/polkitbackend/polkitbackendsessionmonitor-systemd.c,
      src/polkitbackend/polkitbackendsessionmonitor.c,
      src/polkitbackend/polkitbackendsessionmonitor.h.
    - debian/libpolkit-gobject-1-0.symbols: updated for new private symbol.
    - CVE-2018-1116

 -- Marc Deslauriers <email address hidden>  Fri, 13 Jul 2018 07:53:14 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Trusty
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
policykit-1_0.105.orig.tar.gz 1.4 MiB 8fdc7cc8ba4750fcce1a4db9daa759c12afebc7901237e1c993c38f08985e1df
policykit-1_0.105-4ubuntu3.14.04.2.debian.tar.gz 43.1 KiB 00953a07892bcda9b72c88a0868cf0d2991c125ef8a1efcdbcdc54204946240b
policykit-1_0.105-4ubuntu3.14.04.2.dsc 2.9 KiB 4b5e6d71a78eff49263ba679870f62f33fde4e7b5e02821eca44b68af686b1ed

View changes file

Binary packages built by this source

gir1.2-polkit-1.0: GObject introspection data for PolicyKit

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains introspection data for PolicyKit.
 .
 It can be used by packages using the GIRepository format to generate
 dynamic bindings.

libpolkit-agent-1-0: PolicyKit Authentication Agent API

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains a library for accessing the authentication agent.

libpolkit-agent-1-0-dbgsym: debug symbols for package libpolkit-agent-1-0

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains a library for accessing the authentication agent.

libpolkit-agent-1-dev: PolicyKit Authentication Agent API - development files

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains the development files for the library found in
 libpolkit-agent-1-0.

libpolkit-backend-1-0: PolicyKit backend API

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains a library for implementing authentication backends.

libpolkit-backend-1-0-dbgsym: debug symbols for package libpolkit-backend-1-0

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains a library for implementing authentication backends.

libpolkit-backend-1-dev: PolicyKit backend API - development files

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains the development files for the library found in
 libpolkit-backend-1-0.

libpolkit-gobject-1-0: PolicyKit Authorization API

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains a library for accessing PolicyKit.

libpolkit-gobject-1-0-dbgsym: debug symbols for package libpolkit-gobject-1-0

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains a library for accessing PolicyKit.

libpolkit-gobject-1-dev: PolicyKit Authorization API - development files

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains the development files for the library found in
 libpolkit-gobject-1-0.

policykit-1: framework for managing administrative policies and privileges

 PolicyKit is an application-level toolkit for defining and handling the policy
 that allows unprivileged processes to speak to privileged processes.
 .
 It is a framework for centralizing the decision making process with respect to
 granting access to privileged operations for unprivileged (desktop)
 applications.

policykit-1-dbgsym: debug symbols for package policykit-1

 PolicyKit is an application-level toolkit for defining and handling the policy
 that allows unprivileged processes to speak to privileged processes.
 .
 It is a framework for centralizing the decision making process with respect to
 granting access to privileged operations for unprivileged (desktop)
 applications.

policykit-1-doc: documentation for PolicyKit-1

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains the API documentation of PolicyKit.