Vulnerability CVE-2018-19788: Information
Description
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
polkit | sisyphus | 0.115-alt4 | 124-alt1 | ALT-PU-2018-2800-1 | 217425 | Fixed |
polkit | sisyphus_e2k | 0.120-alt2.1 | 0.120-alt2.1 | ALT-PU-2023-7907-1 | - | Fixed |
polkit | sisyphus_riscv64 | 0.120-alt1 | 124-alt1 | ALT-PU-2021-4594-1 | - | Fixed |
polkit | p10 | 0.115-alt4 | 0.120-alt3 | ALT-PU-2018-2800-1 | 217425 | Fixed |
polkit | p9 | 0.115-alt4 | 0.116-alt2.M90P.4 | ALT-PU-2018-2800-1 | 217425 | Fixed |
polkit | c10f1 | 0.115-alt4 | 0.120-alt1.qa2 | ALT-PU-2018-2800-1 | 217425 | Fixed |
polkit | c9f2 | 0.115-alt4 | 0.116-alt2.M90P.5 | ALT-PU-2018-2800-1 | 217425 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://gitlab.freedesktop.org/polkit/polkit/issues/74 |
|
https://bugs.debian.org/915332 |
|
DSA-4350 |
|
USN-3861-2 |
|
USN-3861-1 |
|
[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update |
|
RHSA-2019:2046 | |
GLSA-201908-14 | |
RHSA-2019:3232 |