diff options
author | Ovidiu Panait <ovidiu.panait@windriver.com> | 2019-01-23 11:29:51 +0200 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-01-23 08:17:23 -0800 |
commit | cca27b5ea7569d2730ee5da7ee7f47b39d775d89 (patch) | |
tree | 4ab1d4bd85018da959f3b88c43c41c4b567a4a12 /meta-python/recipes-devtools/python/python3-serpent_1.25.bb | |
parent | 867d208afef97e38f614c8b4a69f882d55f8e208 (diff) | |
download | meta-openembedded-cca27b5ea7569d2730ee5da7ee7f47b39d775d89.tar.gz |
polkit: Fix CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the start time protection mechanism can
be bypassed because fork() is not atomic, and therefore authorization
decisions are improperly cached. This is related to lack of uid checking
in polkitbackend/polkitbackendinteractiveauthority.c.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-6133
Upstream patch:
https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-serpent_1.25.bb')
0 files changed, 0 insertions, 0 deletions