- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LFE
——————————————————————————–
Fedora Update Notification
FEDORA-2015-11058
2015-07-03 16:09:36
——————————————————————————–
Name : polkit
Product : Fedora 22
Version : 0.113
Release : 1.fc22
URL : http://www.freedesktop.org/wiki/Software/polkit
Summary : An authorization framework
Description :
polkit is a toolkit for defining and handling authorizations. It is
used for allowing unprivileged processes to speak to privileged
processes.
——————————————————————————–
Update Information:
Security fix for CVE-2015-3218, CVE-2015-3255, CVE-2015-3256, CVE-2015-4625
——————————————————————————–
ChangeLog:
* Thu Jul 2 2015 Miloslav Trmač <mitr@redhat.com> – 0.113-1
– Update to polkit-0.113 (CVE-2015-3218, CVE-2015-3255, CVE-2015-3256,
CVE-2015-4625)
Resolves: #910262, #1175061, #1177930, #1194391, #1228739, #1233810
* Fri Jun 19 2015 Miloslav Trmač <mitr@redhat.com> – 0.112-11
– Add BuildRequires: systemd so that %{_unitdir} is defined, to fix the build.
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 0.112-10
– Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
——————————————————————————–
References:
[ 1 ] Bug #1228738 – CVE-2015-3218 polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent
https://bugzilla.redhat.com/show_bug.cgi?id=1228738
[ 2 ] Bug #1233808 – CVE-2015-4625 polkit: potential information disclosure vulnerability due to cookie counter wrapping
https://bugzilla.redhat.com/show_bug.cgi?id=1233808
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update polkit’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2015-11743
2015-07-17 23:28:22
——————————————————————————–
Name : polkit
Product : Fedora 21
Version : 0.113
Release : 4.fc21
URL : http://www.freedesktop.org/wiki/Software/polkit
Summary : An authorization framework
Description :
polkit is a toolkit for defining and handling authorizations. It is
used for allowing unprivileged processes to speak to privileged
processes.
——————————————————————————–
Update Information:
Security fix for CVE-2015-3218, CVE-2015-3255, CVE-2015-3256, CVE-2015-4625.
Please make sure to reboot or run (systemctl restart polkit.service) after applying this update.
——————————————————————————–
ChangeLog:
* Tue Jul 14 2015 Miloslav Trmač <mitr@redhat.com> – 0.113-4
– Bump the Obsoletes: to < 0.113-3 to account for the non-split 0.113-2.fc21
Resolves: #1243004
* Sun Jul 12 2015 Rex Dieter <rdieter@fedoraproject.org> 0.113-3
– Obsoletes: polkit < 0.112-8 (handle multilib upgrade path)
* Fri Jul 10 2015 Miloslav Trmač <mitr@redhat.com> – 0.113-2
– Add a fully versioned dependency from polkit to polkit-libs
Resolves: #1241759
– Require polkit-libs, not polkit, in polkit-devel
* Thu Jul 2 2015 Miloslav Trmač <mitr@redhat.com> – 0.113-1
– Update to polkit-0.113 (CVE-2015-3218, CVE-2015-3255, CVE-2015-3256,
CVE-2015-4625)
Resolves: #910262, #1175061, #1177930, #1194391, #1228739, #1233810
* Fri Jun 19 2015 Miloslav Trmač <mitr@redhat.com> – 0.112-11
– Add BuildRequires: systemd so that %{_unitdir} is defined, to fix the build.
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 0.112-10
– Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Jan 25 2015 Rex Dieter <rdieter@fedoraproject.org> – 0.112-9
– polkit doesn’t release reference counters of GVariant data (#1180886)
– fix ldconfig scriptlets (move to -libs subpkg)
* Sat Nov 8 2014 Colin Walters <walters@redhat.com> – 0.112-8
– Split separate -libs package, so that NetworkManager can just depend on
that, without dragging in the daemon (as well as libmozjs17). This
allows the creation of more minimal systems that want programs like NM,
but do not need the configurability of the daemon; it would be ok if only
root is authorized.
——————————————————————————–
References:
[ 1 ] Bug #1228738 – CVE-2015-3218 polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent
https://bugzilla.redhat.com/show_bug.cgi?id=1228738
[ 2 ] Bug #1233808 – CVE-2015-4625 polkit: potential information disclosure vulnerability due to cookie counter wrapping
https://bugzilla.redhat.com/show_bug.cgi?id=1233808
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update polkit’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
| Autor | Marijo Plepelic |
| Cert id | NCERT-REF-2015-07-0028-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | http://www.adobe.com/ |
