-
policykit-1 (0.105-4ubuntu3.14.04.6) trusty-security; urgency=medium
* SECURITY UPDATE: start time protection mechanism bypass
- debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
for temporary authorizations in src/polkit/polkitsubject.c,
src/polkit/polkitunixprocess.c,
src/polkitbackend/polkitbackendinteractiveauthority.c.
- CVE-2019-6133
-- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:57:59 -0400
-
policykit-1 (0.105-4ubuntu3.14.04.5) trusty-security; urgency=medium
* SECURITY UPDATE: authorization bypass with large uid
- debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
- debian/patches/CVE-2018-19788-2.patch: add tests to
test/data/etc/group, test/data/etc/passwd,
test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
test/polkitbackend/polkitbackendlocalauthoritytest.c.
- debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
PolkitUnixProcess in src/polkit/polkitunixprocess.c.
- CVE-2018-19788
-- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:20:15 -0500
-
policykit-1 (0.105-4ubuntu3.14.04.2) trusty-security; urgency=medium
* SECURITY UPDATE: DoS via invalid object path
- debian/patches/CVE-2015-3218.patch: handle invalid object paths in
src/polkitbackend/polkitbackendinteractiveauthority.c.
- CVE-2015-3218
* SECURITY UPDATE: privilege escalation via duplicate action IDs
- debian/patches/CVE-2015-3255.patch: fix GHashTable usage in
src/polkitbackend/polkitbackendactionpool.c.
- CVE-2015-3255
* SECURITY UPDATE: privilege escalation via duplicate cookie values
- debian/patches/CVE-2015-4625-1.patch: use unpredictable cookie values
in configure.ac, src/polkitagent/polkitagenthelper-pam.c,
src/polkitagent/polkitagenthelper-shadow.c,
src/polkitagent/polkitagenthelperprivate.c,
src/polkitagent/polkitagenthelperprivate.h,
src/polkitagent/polkitagentsession.c,
src/polkitbackend/polkitbackendinteractiveauthority.c.
- debian/patches/CVE-2015-4625-2.patch: bind use of cookies to specific
uids in data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
data/org.freedesktop.PolicyKit1.Authority.xml,
docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml,
docs/polkit/overview.xml, src/polkit/polkitauthority.c,
src/polkitbackend/polkitbackendauthority.c,
src/polkitbackend/polkitbackendauthority.h,
src/polkitbackend/polkitbackendinteractiveauthority.c.
- debian/patches/CVE-2015-4625-3.patch: update docs in
data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
data/org.freedesktop.PolicyKit1.Authority.xml,
docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml,
docs/polkit/overview.xml, src/polkit/polkitauthority.c,
src/polkitagent/polkitagentlistener.c,
src/polkitbackend/polkitbackendauthority.c.
- CVE-2015-4625
* SECURITY UPDATE: DoS and information disclosure
- debian/patches/CVE-2018-1116.patch: properly check UID in
src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c,
src/polkitbackend/polkitbackendinteractiveauthority.c,
src/polkitbackend/polkitbackendsessionmonitor-systemd.c,
src/polkitbackend/polkitbackendsessionmonitor.c,
src/polkitbackend/polkitbackendsessionmonitor.h.
- debian/libpolkit-gobject-1-0.symbols: updated for new private symbol.
- CVE-2018-1116
-- Marc Deslauriers <email address hidden> Fri, 13 Jul 2018 07:53:14 -0400
-
policykit-1 (0.105-4ubuntu3.14.04.1) trusty; urgency=medium
* Fix handling of multi-line helper output. (LP: #1510824)
-- Dariusz Gadomski <email address hidden> Fri, 20 Nov 2015 15:36:30 +0100
-
policykit-1 (0.105-4ubuntu2.14.04.1) trusty; urgency=medium
* debian/patches/fix_memleak.patch:
authority: Fix memory leak in EnumerateActions call results handler
(lp: #1417637)
-- Luis Lucas <email address hidden> Tue, 03 Feb 2015 17:15:02 +0000
-
policykit-1 (0.105-4ubuntu2) trusty; urgency=medium
* debian/patches/git_type_registration.patch:
"Use GOnce for interface type registration. Static local variable may not
be enough since it doesn't provide locking."
That should fix some frequent udisks segfaults issues (lp: #1236510)
-- Sebastien Bacher <email address hidden> Tue, 11 Feb 2014 19:26:03 +0100
-
policykit-1 (0.105-4ubuntu1) trusty; urgency=low
* Merge with Debian unstable. Remaining Ubuntu changes:
- Switch to using logind for session tracking. Depend on libpam-systemd
instead of consolekit, and add libsystemd-login-dev build dependency.
- debian/policykit-1.postinst: Don't restart polkitd if we are upgrading
from a version that uses ConsoleKit. We need to keep the old daemon
running until the next reboot, as all the current user sessions still
have a CK session and no logind cgroup yet.
- Build using autoreconf to update config.{guess,sub} files.
- Configure with --disable-silent-rules.
policykit-1 (0.105-4) unstable; urgency=low
* Acknowledge non-maintainer upload for CVE-2013-4288.
* Also cherry-pick the upstream commit which deprecates the racy APIs.
* debian/patches/09_pam_environment.patch: set process environment from
pam_getenvlist().
* debian/patches/01_pam_polkit.patch: adjust patch to invoke pam_env, so our
global settings from /etc/environment are applied correctly.
* The two changes above fix pkexec to properly export the pam environment.
Thanks Steve Langasek for the patch. (Closes: #692340)
policykit-1 (0.105-3+nmu1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix cve-2013-4288: race condition in pkcheck.c (closes: #723717).
-- Marc Deslauriers <email address hidden> Wed, 30 Oct 2013 16:10:44 -0700
-
policykit-1 (0.105-3ubuntu3) saucy; urgency=low
* SECURITY UPDATE: use of pkcheck without specifying uid is racy,
possibly leading to privilege escalation
- debian/patches/CVE-2013-4288.patch: implement pid,start-time,uid
syntax so callers have a non-racy way of using pkcheck.
- CVE-2013-4288
-- Marc Deslauriers <email address hidden> Wed, 18 Sep 2013 12:38:05 -0400