MGASA-2013-0293

Source
https://advisories.mageia.org/MGASA-2013-0293.html
Import Source
https://advisories.mageia.org/MGASA-2013-0293.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2013-0293
Published
2013-10-05T17:53:02Z
Modified
2013-10-05T17:52:55Z
Summary
Updated polkit package and the packages that call polkit fix a security vulnerability
Details

A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges (CVE-2013-4288).

Note: Applications that invoke pkcheck with the --process option need to be modified to use the pid,pid-start-time,uid argument for that option, to allow pkcheck to check process authorization correctly.

Because of the change in the PolicyKit API, the spice-gtk (CVE-2013-4324), hplip (CVE-2013-4325), rtkit (CVE-2013-4326), and systemd (CVE-2013-4327) packages have been updated to use a different API that is not affected by this PolicyKit vulnerability. The libvirt package will also be updated for the same reason, but this update will come in a separate advisory.


Affected packages

Mageia:2 / polkit

Package

Name
polkit
Purl
pkg:rpm/mageia/polkit?distro=mageia-2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.104-4.2.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / spice-gtk

Package

Name
spice-gtk
Purl
pkg:rpm/mageia/spice-gtk?distro=mageia-2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9-1.2.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / hplip

Package

Name
hplip
Purl
pkg:rpm/mageia/hplip?distro=mageia-2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.4-1.3.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / rtkit

Package

Name
rtkit
Purl
pkg:rpm/mageia/rtkit?distro=mageia-2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.10-3.1.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:2 / systemd

Package

Name
systemd
Purl
pkg:rpm/mageia/systemd?distro=mageia-2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
44-13.1.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / polkit

Package

Name
polkit
Purl
pkg:rpm/mageia/polkit?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.107-6.1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / spice-gtk

Package

Name
spice-gtk
Purl
pkg:rpm/mageia/spice-gtk?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.15-3.1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / hplip

Package

Name
hplip
Purl
pkg:rpm/mageia/hplip?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.9-6.1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / rtkit

Package

Name
rtkit
Purl
pkg:rpm/mageia/rtkit?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.11-3.1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / systemd

Package

Name
systemd
Purl
pkg:rpm/mageia/systemd?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
195-22.1.mga3

Ecosystem specific

{
    "section": "core"
}