Oval Definition:oval:com.ubuntu.bionic:def:20196133000
Revision Date:2019-01-11Version:1
Title:CVE-2019-6133 on Ubuntu 18.04 LTS (bionic) - medium.
Description:In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-6133
Platform(s):Ubuntu 18.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 18.04 LTS (bionic) is installed.
  • AND Package Information
  • The 'linux' package in bionic was vulnerable but has been fixed (note: '4.15.0-46.49').
  • OR The 'linux-aws' package in bionic was vulnerable but has been fixed (note: '4.15.0-1033.35').
  • OR The 'linux-azure' package in bionic was vulnerable but has been fixed (note: '4.18.0-1013.13~18.04.1').
  • OR The 'linux-azure-edge' package in bionic was vulnerable but has been fixed (note: '4.18.0-1013.13~18.04.1').
  • OR The 'linux-gcp' package in bionic was vulnerable but has been fixed (note: '4.15.0-1028.29').
  • OR The 'linux-gcp-edge' package in bionic was vulnerable but has been fixed (note: '4.18.0-1007.8~18.04.1').
  • OR NOT While related to the CVE in some way, the 'linux-gke' package in bionic is not affected.
  • OR The 'linux-hwe' package in bionic was vulnerable but has been fixed (note: '4.18.0-16.17~18.04.1').
  • OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in bionic is not affected (note: '5.0.0-14.15~18.04.1').
  • OR The 'linux-kvm' package in bionic was vulnerable but has been fixed (note: '4.15.0-1030.30').
  • OR The 'linux-oem' package in bionic was vulnerable but has been fixed (note: '4.15.0-1034.39').
  • OR The 'linux-oracle' package in bionic was vulnerable but has been fixed (note: '4.15.0-1009.11').
  • OR The 'linux-raspi2' package in bionic was vulnerable but has been fixed (note: '4.15.0-1032.34').
  • OR The 'linux-snapdragon' package in bionic is affected. An update containing the fix has been completed and is pending publication (note: '4.15.0-1052.56').
  • OR The 'policykit-1' package in bionic was vulnerable but has been fixed (note: '0.105-20ubuntu0.18.04.5').
    • BACK