| Summary: | <sys-auth/polkit-0.112-r3: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent (CVE-2015-3218) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | freedesktop-bugs |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1228738 | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2015-06-05 15:28:03 UTC
+*polkit-0.112-r3 (06 Jun 2015) + + 06 Jun 2015; Jason Zaman <perfinion@gentoo.org> +files/polkit-0.112-0001-backe + nd-Handle-invalid-object-paths-in-RegisterAuthe.patch, + +polkit-0.112-r3.ebuild: + fix bug 551316 CVE-2015-3218: crash authentication_agent_new with invalid + object path in RegisterAuthenticationAgent

We'll need to stabilize polkit-0.112-r3.ebuild. The arm64 keyword is only on 0.110, so we'll probably need a keywordreq to update that one too.

Looks like we will need two more patches for a new CVE-2015-4625:
http://cgit.freedesktop.org/polkit/commit/?id=ea544ffc18405237ccd95d28d7f45afef49aca17
http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766

CCing arches for now for this revision. 0.113 was also bumped but we would prefer to give it a few days for receiving some testing (maybe 1 week or so)

amd64 stable

x86 stable

arm stable

Stable for HPPA PPC64.

Stable on alpha.

ia64 stable

ppc stable

sparc stable. Maintainer(s), please cleanup. Security, please vote.

Maintainer(s), Thank you for cleanup. GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).

Removed vulnerable versions.

GLSA Vote: No