From ${URL}: It was reported that if polkit, while reading action descriptions from /usr/share/polkit-1/actions, encounters a duplicate action ID, it corrupts the heap. The effects of corruption are e.g. visible on stderr as frequent use of unrelated strings when running polkit without --no-debug. Presumably a local attacker might be able to manipulate polkit’s heap enough to achieve privilege escalation through this. Upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=83590 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
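A defensive check for the condition described in the report above, added here as an example that is not part of the original bug thread or of polkit's code: it parses the `*.policy` files in the actions directory and lists every action ID declared more than once. It assumes the usual policy layout of `<action id="...">` elements; the function names are illustrative.

```python
import sys
import xml.etree.ElementTree as ET
from collections import defaultdict
from pathlib import Path

# Directory named in the report; pass another path as argv[1] to scan a copy.
ACTIONS_DIR = Path("/usr/share/polkit-1/actions")


def find_duplicate_action_ids(actions_dir):
    """Return (dupes, unreadable).

    dupes maps each action ID declared more than once to the list of files
    declaring it (a file appears twice if it repeats the ID itself).
    unreadable lists (file name, error) for files that could not be parsed.
    """
    seen = defaultdict(list)
    unreadable = []
    for policy in sorted(Path(actions_dir).glob("*.policy")):
        try:
            root = ET.parse(policy).getroot()
        except (ET.ParseError, OSError) as exc:
            unreadable.append((policy.name, str(exc)))
            continue
        for action in root.iter("action"):
            action_id = action.get("id")
            if action_id:
                seen[action_id].append(policy.name)
    dupes = {aid: files for aid, files in seen.items() if len(files) > 1}
    return dupes, unreadable


def main(argv):
    actions_dir = Path(argv[1]) if len(argv) > 1 else ACTIONS_DIR
    dupes, unreadable = find_duplicate_action_ids(actions_dir)
    for name, err in unreadable:
        print(f"warning: could not parse {name}: {err}", file=sys.stderr)
    for aid, files in sorted(dupes.items()):
        print(f"duplicate action id {aid}: {', '.join(files)}")
    # Non-zero exit when duplicates exist, so the check can gate a deployment.
    return 1 if dupes else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-empty result on a host still running a polkit version older than 0.113 means the affected code path is reachable with the files currently installed.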
Per: https://bugs.freedesktop.org/show_bug.cgi?id=83590#c7 this is fixed in 0.113... that should be ok to go to stable as explained at bug 554878
polkit-0.113 is now stable, must clean up 0.112-r3.
Arches, Thank you for your work. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s).
Vulnerable ebuilds cleaned up.
Maintainer(s), Thank you for your work.
This issue was resolved and addressed in GLSA 201611-07 at https://security.gentoo.org/glsa/201611-07 by GLSA coordinator Aaron Bauman (b-man).