You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa polkit

Sigurnosni nedostatak programskog paketa polkit

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2019-01-13 02:30:40.466723

Name : polkit
Product : Fedora 29
Version : 0.115
Release : 4.2.fc29
Summary : An authorization framework
Description :
polkit is a toolkit for defining and handling authorizations. It is
used for allowing unprivileged processes to speak to privileged

Update Information:

Due to kernel issue there is a way to reuse start_time of a process. This allows
to duplicate process authorized by polkit. This update mitigates polkit issue
#75 (slowfork):

* Mon Jan 7 2019 Jan Rybar <> – 0.115-5
– Fix of start_time reuse exploit (slowfork)
* Fri Dec 7 2018 Jan Rybar <> – 0.115-4.1
– Fix of CVE-2018-19788, priv escalation with high UIDs
– Resolves: rhbz#1655926
* Thu Sep 27 2018 Owen Taylor <> – 0.115-4
– Fix installation with prefix != /usr
* Fri Jul 20 2018 Jan Rybar <> – 0.115-3
– Warning raised by polkit when disconnected from ssh
– polkitagentlistener: resource leak – pointer to ‘server’
– Error message raised on every ‘systemctl start’ in

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-e957cecffd’ at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:

AutorToni Vugdelija
Cert idNCERT-REF-2019-01-0001-ADV
More in Preporuke
Sigurnosni nedostatak programskog paketa gthumb

Otkriven je sigurnosni nedostatak u programskom paketu gthumb za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja....