From ${URL} : It was reported that polkitd dumps core if you set an invalid object path when calling RegisterAuthenticationAgent. It allows local authenticated users to perform a denial of service attack. Original report: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html SUggested patch is available: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
+*polkit-0.112-r3 (06 Jun 2015) + + 06 Jun 2015; Jason Zaman <perfinion@gentoo.org> +files/polkit-0.112-0001-backe + nd-Handle-invalid-object-paths-in-RegisterAuthe.patch, + +polkit-0.112-r3.ebuild: + fix bug 551316 CVE-2015-3218: crash authentication_agent_new with invalid + object path in RegisterAuthenticationAgent We'll need to stabilize polkit-0.112-r3.ebuild. the arm64 keyword is only on 0.110, so we'll probably need a keywordreq to update that one too.
Looks like we will need two more patches for a new CVE-2015-4625: http://cgit.freedesktop.org/polkit/commit/?id=ea544ffc18405237ccd95d28d7f45afef49aca17 http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766
CCing arches for now for this revision. 0.113 was also bumped but we would prefer to give it a few days for receiving some testing (maybe 1 week or so)
amd64 stable
x86 stable
arm stable
Stable for HPPA PPC64.
Stable on alpha.
ia64 stable
ppc stable
sparc stable. Maintainer(s), please cleanup. Security, please vote.
Maintainer(s), Thank you for you for cleanup. GLSA Vote: No Maintainer(s), please drop the vulnerable version(s).
Removed vulnerable versions.
GLSA Vote: No
