Oval Definition:oval:com.redhat.rhsa:def:20141359
Revision Date:2014-10-06Version:637
Title:RHSA-2014:1359: polkit-qt security update (Important)
Description:Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs.

  • It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2014-5033)

    All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2014-5033
    CVE-2014-5033
    RHSA-2014:1359
    RHSA-2014:1359-00
    RHSA-2014:1359-01
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • polkit-qt is earlier than 0:0.103.0-10.el7_0
  • AND polkit-qt is signed with Red Hat redhatrelease2 key
  • polkit-qt-devel is earlier than 0:0.103.0-10.el7_0
  • AND polkit-qt-devel is signed with Red Hat redhatrelease2 key
  • polkit-qt-doc is earlier than 0:0.103.0-10.el7_0
  • AND polkit-qt-doc is signed with Red Hat redhatrelease2 key
    • BACK