polkit: Fix CVE-2019-6133 - meta-openembedded - Collection of OpenEmbedded layers

diff options

author	Ovidiu Panait <ovidiu.panait@windriver.com>	2019-01-23 11:29:51 +0200
committer	Armin Kuster <akuster808@gmail.com>	2019-01-23 08:17:23 -0800
commit	cca27b5ea7569d2730ee5da7ee7f47b39d775d89 (patch)
tree	4ab1d4bd85018da959f3b88c43c41c4b567a4a12 /meta-oe/recipes-graphics/xscreensaver/xscreensaver_5.39.bb
parent	867d208afef97e38f614c8b4a69f882d55f8e208 (diff)
download	meta-openembedded-cca27b5ea7569d2730ee5da7ee7f47b39d775d89.tar.gz

polkit: Fix CVE-2019-6133

In PolicyKit (aka polkit) 0.115, the start time protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-6133 Upstream patch: https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81 Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-oe/recipes-graphics/xscreensaver/xscreensaver_5.39.bb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: