Oval Definition:oval:org.opensuse.security:def:20134324
Revision Date:2015-11-16Version:1
Title:CVE-2013-4324
Description:

spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2013-4324
Platform(s):openSUSE 12.2 Update
openSUSE 12.3 Update
Product(s):
Definition Synopsis
  • libspice-client-glib-2_0-8-0.14-3.4.1 is installed
  • OR libspice-client-gtk-2_0-4-0.14-3.4.1 is installed
  • OR libspice-client-gtk-3_0-4-0.14-3.4.1 is installed
  • OR libspice-controller0-0.14-3.4.1 is installed
  • OR python-SpiceClientGtk-0.14-3.4.1 is installed
  • OR spice-gtk-0.14-3.4.1 is installed
  • OR spice-gtk-devel-0.14-3.4.1 is installed
  • OR spice-gtk-lang-0.14-3.4.1 is installed
  • OR typelib-1_0-SpiceClientGlib-2_0-0.14-3.4.1 is installed
  • OR typelib-1_0-SpiceClientGtk-2_0-0.14-3.4.1 is installed
  • OR typelib-1_0-SpiceClientGtk-3_0-0.14-3.4.1 is installed
    • BACK