| Revision Date: | 2014-12-01 | Version: | 9 |
| Title: | RHSA-2014:1359: polkit-qt security update (Important) |
| Description: | Polkit-qt is a library that lets developers use the PolicyKit API through aQt-styled API. The polkit-qt library is used by the KDE AuthenticationAgent (KAuth), which is a part of kdelibs.It was found that polkit-qt handled authorization requests with PolicyKitvia a D-Bus API that is vulnerable to a race condition. A local user coulduse this flaw to bypass intended PolicyKit authorizations. This updatemodifies polkit-qt to communicate with PolicyKit via a different API thatis not vulnerable to the race condition. (CVE-2014-5033)All polkit-qt users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CESA-2014:1359
CVE-2014-5033
RHSA-2014:1359-00
|
| Platform(s): | CentOS Linux 7
Red Hat Enterprise Linux 7
| Product(s): | polkit-qt
|
| Definition Synopsis |
| Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7
OR The operating system installed on the system is CentOS Linux 7.x
AND Packages section
polkit-qt is earlier than 0:0.103.0-10.el7_0
OR polkit-qt-devel is earlier than 0:0.103.0-10.el7_0
OR polkit-qt-doc is earlier than 0:0.103.0-10.el7_0
|