Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-3218 (GCVE-0-2015-3218)
Vulnerability from cvelistv5
Published
2015-10-26 19:00
Modified
2024-08-06 05:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[polkit-devel] 20150529 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"name": "USN-3717-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3717-1/"
},
{
"name": "FEDORA-2015-11058",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "FEDORA-2015-11743",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "76086",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76086"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035023"
},
{
"name": "[polkit-devel] 20150630 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-17T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[polkit-devel] 20150529 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"name": "USN-3717-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3717-1/"
},
{
"name": "FEDORA-2015-11058",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "FEDORA-2015-11743",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "76086",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76086"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035023"
},
{
"name": "[polkit-devel] 20150630 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3218",
"datePublished": "2015-10-26T19:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2015-3218\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-10-26T19:59:00.107\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n authentication_agent_new en polkitbackend/polkitbackendinteractiveauthority.c en PolicyKit (tambi\u00e9n conocido como polkit) en versiones anteriores a 0.113 permite a usuarios locales provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda de demonio polkitd) llamando a RegisterAuthenticationAgent con una ruta de objeto no v\u00e1lida.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.112\",\"matchCriteriaId\":\"154D0301-B371-4F38-9DD5-EDBE487A37C8\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/76086\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1035023\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://usn.ubuntu.com/3717-1/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/76086\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1035023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3717-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"\u003ca href=\\\"http://cwe.mitre.org/data/definitions/476.html\\\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e\"}}"
}
}
opensuse-su-2024:10436-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libpolkit0-0.113-3.4 on GA media
Notes
Title of the patch
libpolkit0-0.113-3.4 on GA media
Description of the patch
These are all security issues fixed in the libpolkit0-0.113-3.4 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10436
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libpolkit0-0.113-3.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libpolkit0-0.113-3.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10436",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10436-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2010-0750 page",
"url": "https://www.suse.com/security/cve/CVE-2010-0750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-1485 page",
"url": "https://www.suse.com/security/cve/CVE-2011-1485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-4288 page",
"url": "https://www.suse.com/security/cve/CVE-2013-4288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3218 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3255 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3256 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3256/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-4625 page",
"url": "https://www.suse.com/security/cve/CVE-2015-4625/"
}
],
"title": "libpolkit0-0.113-3.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10436-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpolkit0-0.113-3.4.aarch64",
"product": {
"name": "libpolkit0-0.113-3.4.aarch64",
"product_id": "libpolkit0-0.113-3.4.aarch64"
}
},
{
"category": "product_version",
"name": "libpolkit0-32bit-0.113-3.4.aarch64",
"product": {
"name": "libpolkit0-32bit-0.113-3.4.aarch64",
"product_id": "libpolkit0-32bit-0.113-3.4.aarch64"
}
},
{
"category": "product_version",
"name": "polkit-0.113-3.4.aarch64",
"product": {
"name": "polkit-0.113-3.4.aarch64",
"product_id": "polkit-0.113-3.4.aarch64"
}
},
{
"category": "product_version",
"name": "polkit-devel-0.113-3.4.aarch64",
"product": {
"name": "polkit-devel-0.113-3.4.aarch64",
"product_id": "polkit-devel-0.113-3.4.aarch64"
}
},
{
"category": "product_version",
"name": "polkit-doc-0.113-3.4.aarch64",
"product": {
"name": "polkit-doc-0.113-3.4.aarch64",
"product_id": "polkit-doc-0.113-3.4.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"product": {
"name": "typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"product_id": "typelib-1_0-Polkit-1_0-0.113-3.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpolkit0-0.113-3.4.ppc64le",
"product": {
"name": "libpolkit0-0.113-3.4.ppc64le",
"product_id": "libpolkit0-0.113-3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "libpolkit0-32bit-0.113-3.4.ppc64le",
"product": {
"name": "libpolkit0-32bit-0.113-3.4.ppc64le",
"product_id": "libpolkit0-32bit-0.113-3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "polkit-0.113-3.4.ppc64le",
"product": {
"name": "polkit-0.113-3.4.ppc64le",
"product_id": "polkit-0.113-3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "polkit-devel-0.113-3.4.ppc64le",
"product": {
"name": "polkit-devel-0.113-3.4.ppc64le",
"product_id": "polkit-devel-0.113-3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "polkit-doc-0.113-3.4.ppc64le",
"product": {
"name": "polkit-doc-0.113-3.4.ppc64le",
"product_id": "polkit-doc-0.113-3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"product": {
"name": "typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"product_id": "typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpolkit0-0.113-3.4.s390x",
"product": {
"name": "libpolkit0-0.113-3.4.s390x",
"product_id": "libpolkit0-0.113-3.4.s390x"
}
},
{
"category": "product_version",
"name": "libpolkit0-32bit-0.113-3.4.s390x",
"product": {
"name": "libpolkit0-32bit-0.113-3.4.s390x",
"product_id": "libpolkit0-32bit-0.113-3.4.s390x"
}
},
{
"category": "product_version",
"name": "polkit-0.113-3.4.s390x",
"product": {
"name": "polkit-0.113-3.4.s390x",
"product_id": "polkit-0.113-3.4.s390x"
}
},
{
"category": "product_version",
"name": "polkit-devel-0.113-3.4.s390x",
"product": {
"name": "polkit-devel-0.113-3.4.s390x",
"product_id": "polkit-devel-0.113-3.4.s390x"
}
},
{
"category": "product_version",
"name": "polkit-doc-0.113-3.4.s390x",
"product": {
"name": "polkit-doc-0.113-3.4.s390x",
"product_id": "polkit-doc-0.113-3.4.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"product": {
"name": "typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"product_id": "typelib-1_0-Polkit-1_0-0.113-3.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpolkit0-0.113-3.4.x86_64",
"product": {
"name": "libpolkit0-0.113-3.4.x86_64",
"product_id": "libpolkit0-0.113-3.4.x86_64"
}
},
{
"category": "product_version",
"name": "libpolkit0-32bit-0.113-3.4.x86_64",
"product": {
"name": "libpolkit0-32bit-0.113-3.4.x86_64",
"product_id": "libpolkit0-32bit-0.113-3.4.x86_64"
}
},
{
"category": "product_version",
"name": "polkit-0.113-3.4.x86_64",
"product": {
"name": "polkit-0.113-3.4.x86_64",
"product_id": "polkit-0.113-3.4.x86_64"
}
},
{
"category": "product_version",
"name": "polkit-devel-0.113-3.4.x86_64",
"product": {
"name": "polkit-devel-0.113-3.4.x86_64",
"product_id": "polkit-devel-0.113-3.4.x86_64"
}
},
{
"category": "product_version",
"name": "polkit-doc-0.113-3.4.x86_64",
"product": {
"name": "polkit-doc-0.113-3.4.x86_64",
"product_id": "polkit-doc-0.113-3.4.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Polkit-1_0-0.113-3.4.x86_64",
"product": {
"name": "typelib-1_0-Polkit-1_0-0.113-3.4.x86_64",
"product_id": "typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-0.113-3.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64"
},
"product_reference": "libpolkit0-0.113-3.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-0.113-3.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le"
},
"product_reference": "libpolkit0-0.113-3.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-0.113-3.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x"
},
"product_reference": "libpolkit0-0.113-3.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-0.113-3.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64"
},
"product_reference": "libpolkit0-0.113-3.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-32bit-0.113-3.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64"
},
"product_reference": "libpolkit0-32bit-0.113-3.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-32bit-0.113-3.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le"
},
"product_reference": "libpolkit0-32bit-0.113-3.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-32bit-0.113-3.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x"
},
"product_reference": "libpolkit0-32bit-0.113-3.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-32bit-0.113-3.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64"
},
"product_reference": "libpolkit0-32bit-0.113-3.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0.113-3.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:polkit-0.113-3.4.aarch64"
},
"product_reference": "polkit-0.113-3.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0.113-3.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le"
},
"product_reference": "polkit-0.113-3.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0.113-3.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:polkit-0.113-3.4.s390x"
},
"product_reference": "polkit-0.113-3.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0.113-3.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:polkit-0.113-3.4.x86_64"
},
"product_reference": "polkit-0.113-3.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0.113-3.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64"
},
"product_reference": "polkit-devel-0.113-3.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0.113-3.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le"
},
"product_reference": "polkit-devel-0.113-3.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0.113-3.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x"
},
"product_reference": "polkit-devel-0.113-3.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0.113-3.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64"
},
"product_reference": "polkit-devel-0.113-3.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-doc-0.113-3.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64"
},
"product_reference": "polkit-doc-0.113-3.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-doc-0.113-3.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le"
},
"product_reference": "polkit-doc-0.113-3.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-doc-0.113-3.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x"
},
"product_reference": "polkit-doc-0.113-3.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-doc-0.113-3.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64"
},
"product_reference": "polkit-doc-0.113-3.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Polkit-1_0-0.113-3.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64"
},
"product_reference": "typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le"
},
"product_reference": "typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Polkit-1_0-0.113-3.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x"
},
"product_reference": "typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Polkit-1_0-0.113-3.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
},
"product_reference": "typelib-1_0-Polkit-1_0-0.113-3.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-0750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2010-0750"
}
],
"notes": [
{
"category": "general",
"text": "pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2010-0750",
"url": "https://www.suse.com/security/cve/CVE-2010-0750"
},
{
"category": "external",
"summary": "SUSE Bug 593959 for CVE-2010-0750",
"url": "https://bugzilla.suse.com/593959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2010-0750"
},
{
"cve": "CVE-2011-1485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-1485"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-1485",
"url": "https://www.suse.com/security/cve/CVE-2011-1485"
},
{
"category": "external",
"summary": "SUSE Bug 1032717 for CVE-2011-1485",
"url": "https://bugzilla.suse.com/1032717"
},
{
"category": "external",
"summary": "SUSE Bug 688788 for CVE-2011-1485",
"url": "https://bugzilla.suse.com/688788"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-1485"
},
{
"cve": "CVE-2013-4288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-4288"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-4288",
"url": "https://www.suse.com/security/cve/CVE-2013-4288"
},
{
"category": "external",
"summary": "SUSE Bug 1070943 for CVE-2013-4288",
"url": "https://bugzilla.suse.com/1070943"
},
{
"category": "external",
"summary": "SUSE Bug 1099031 for CVE-2013-4288",
"url": "https://bugzilla.suse.com/1099031"
},
{
"category": "external",
"summary": "SUSE Bug 835827 for CVE-2013-4288",
"url": "https://bugzilla.suse.com/835827"
},
{
"category": "external",
"summary": "SUSE Bug 836931 for CVE-2013-4288",
"url": "https://bugzilla.suse.com/836931"
},
{
"category": "external",
"summary": "SUSE Bug 836932 for CVE-2013-4288",
"url": "https://bugzilla.suse.com/836932"
},
{
"category": "external",
"summary": "SUSE Bug 836937 for CVE-2013-4288",
"url": "https://bugzilla.suse.com/836937"
},
{
"category": "external",
"summary": "SUSE Bug 836939 for CVE-2013-4288",
"url": "https://bugzilla.suse.com/836939"
},
{
"category": "external",
"summary": "SUSE Bug 844967 for CVE-2013-4288",
"url": "https://bugzilla.suse.com/844967"
},
{
"category": "external",
"summary": "SUSE Bug 852368 for CVE-2013-4288",
"url": "https://bugzilla.suse.com/852368"
},
{
"category": "external",
"summary": "SUSE Bug 854144 for CVE-2013-4288",
"url": "https://bugzilla.suse.com/854144"
},
{
"category": "external",
"summary": "SUSE Bug 864716 for CVE-2013-4288",
"url": "https://bugzilla.suse.com/864716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-4288"
},
{
"cve": "CVE-2015-3218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3218"
}
],
"notes": [
{
"category": "general",
"text": "The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3218",
"url": "https://www.suse.com/security/cve/CVE-2015-3218"
},
{
"category": "external",
"summary": "SUSE Bug 933922 for CVE-2015-3218",
"url": "https://bugzilla.suse.com/933922"
},
{
"category": "external",
"summary": "SUSE Bug 943816 for CVE-2015-3218",
"url": "https://bugzilla.suse.com/943816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3218"
},
{
"cve": "CVE-2015-3255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3255"
}
],
"notes": [
{
"category": "general",
"text": "The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3255",
"url": "https://www.suse.com/security/cve/CVE-2015-3255"
},
{
"category": "external",
"summary": "SUSE Bug 939246 for CVE-2015-3255",
"url": "https://bugzilla.suse.com/939246"
},
{
"category": "external",
"summary": "SUSE Bug 943816 for CVE-2015-3255",
"url": "https://bugzilla.suse.com/943816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3255"
},
{
"cve": "CVE-2015-3256",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3256"
}
],
"notes": [
{
"category": "general",
"text": "PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to \"javascript rule evaluation.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3256",
"url": "https://www.suse.com/security/cve/CVE-2015-3256"
},
{
"category": "external",
"summary": "SUSE Bug 943816 for CVE-2015-3256",
"url": "https://bugzilla.suse.com/943816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3256"
},
{
"cve": "CVE-2015-4625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-4625"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-4625",
"url": "https://www.suse.com/security/cve/CVE-2015-4625"
},
{
"category": "external",
"summary": "SUSE Bug 935119 for CVE-2015-4625",
"url": "https://bugzilla.suse.com/935119"
},
{
"category": "external",
"summary": "SUSE Bug 943816 for CVE-2015-4625",
"url": "https://bugzilla.suse.com/943816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-0.113-3.4.x86_64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.s390x",
"openSUSE Tumbleweed:libpolkit0-32bit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-devel-0.113-3.4.x86_64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.aarch64",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.s390x",
"openSUSE Tumbleweed:polkit-doc-0.113-3.4.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.s390x",
"openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.113-3.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-4625"
}
]
}
suse-su-2015:1838-1
Vulnerability from csaf_suse
Published
2015-10-22 07:44
Modified
2015-10-22 07:44
Summary
Security update for polkit
Notes
Title of the patch
Security update for polkit
Description of the patch
polkit was updated to the 0.113 release, fixing security issues and bugs.
Security issues fixed:
* Fixes CVE-2015-4625, a local privilege escalation due to predictable
authentication session cookie values. Thanks to Tavis Ormandy, Google Project
Zero for reporting this issue. For the future, authentication agents are
encouraged to use PolkitAgentSession instead of using the D-Bus agent response
API directly. (bsc#935119)
* Fixes CVE-2015-3256, various memory corruption vulnerabilities in use of the
JavaScript interpreter, possibly leading to local privilege escalation.
(bsc#943816)
* Fixes CVE-2015-3255, a memory corruption vulnerability in handling duplicate
action IDs, possibly leading to local privilege escalation. Thanks to
Laurent Bigonville for reporting this issue. (bsc#939246)
* Fixes CVE-2015-3218, which allowed any local user to crash polkitd. Thanks to
Tavis Ormandy, Google Project Zero, for reporting this issue. (bsc#933922)
Other issues fixed:
* On systemd-213 and later, the 'active' state is shared across all sessions of
an user, instead of being tracked separately.
* pkexec, when not given a program to execute, runs the users shell by
default.
* Fixed shutdown problems on powerpc64le (bsc#950114)
* polkit had a memory leak (bsc#912889)
Patchnames
SUSE-SLE-DESKTOP-12-2015-759,SUSE-SLE-SDK-12-2015-759,SUSE-SLE-SERVER-12-2015-759,SUSE-SLE-WE-12-2015-759
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for polkit",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\npolkit was updated to the 0.113 release, fixing security issues and bugs.\n\nSecurity issues fixed:\n* Fixes CVE-2015-4625, a local privilege escalation due to predictable\n authentication session cookie values. Thanks to Tavis Ormandy, Google Project\n Zero for reporting this issue. For the future, authentication agents are\n encouraged to use PolkitAgentSession instead of using the D-Bus agent response\n API directly. (bsc#935119)\n* Fixes CVE-2015-3256, various memory corruption vulnerabilities in use of the\n JavaScript interpreter, possibly leading to local privilege escalation.\n (bsc#943816)\n* Fixes CVE-2015-3255, a memory corruption vulnerability in handling duplicate\n action IDs, possibly leading to local privilege escalation. Thanks to\n Laurent Bigonville for reporting this issue. (bsc#939246)\n* Fixes CVE-2015-3218, which allowed any local user to crash polkitd. Thanks to\n Tavis Ormandy, Google Project Zero, for reporting this issue. (bsc#933922)\n\nOther issues fixed:\n* On systemd-213 and later, the \u0027active\u0027 state is shared across all sessions of\n an user, instead of being tracked separately.\n* pkexec, when not given a program to execute, runs the users shell by\n default.\n* Fixed shutdown problems on powerpc64le (bsc#950114)\n* polkit had a memory leak (bsc#912889)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-2015-759,SUSE-SLE-SDK-12-2015-759,SUSE-SLE-SERVER-12-2015-759,SUSE-SLE-WE-12-2015-759",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1838-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1838-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151838-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1838-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-October/001649.html"
},
{
"category": "self",
"summary": "SUSE Bug 912889",
"url": "https://bugzilla.suse.com/912889"
},
{
"category": "self",
"summary": "SUSE Bug 933922",
"url": "https://bugzilla.suse.com/933922"
},
{
"category": "self",
"summary": "SUSE Bug 935119",
"url": "https://bugzilla.suse.com/935119"
},
{
"category": "self",
"summary": "SUSE Bug 939246",
"url": "https://bugzilla.suse.com/939246"
},
{
"category": "self",
"summary": "SUSE Bug 943816",
"url": "https://bugzilla.suse.com/943816"
},
{
"category": "self",
"summary": "SUSE Bug 950114",
"url": "https://bugzilla.suse.com/950114"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3218 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3255 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3256 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3256/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-4625 page",
"url": "https://www.suse.com/security/cve/CVE-2015-4625/"
}
],
"title": "Security update for polkit",
"tracking": {
"current_release_date": "2015-10-22T07:44:28Z",
"generator": {
"date": "2015-10-22T07:44:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1838-1",
"initial_release_date": "2015-10-22T07:44:28Z",
"revision_history": [
{
"date": "2015-10-22T07:44:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "polkit-devel-0.113-4.1.ppc64le",
"product": {
"name": "polkit-devel-0.113-4.1.ppc64le",
"product_id": "polkit-devel-0.113-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpolkit0-0.113-4.1.ppc64le",
"product": {
"name": "libpolkit0-0.113-4.1.ppc64le",
"product_id": "libpolkit0-0.113-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "polkit-0.113-4.1.ppc64le",
"product": {
"name": "polkit-0.113-4.1.ppc64le",
"product_id": "polkit-0.113-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"product": {
"name": "typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"product_id": "typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-devel-0.113-4.1.s390x",
"product": {
"name": "polkit-devel-0.113-4.1.s390x",
"product_id": "polkit-devel-0.113-4.1.s390x"
}
},
{
"category": "product_version",
"name": "libpolkit0-0.113-4.1.s390x",
"product": {
"name": "libpolkit0-0.113-4.1.s390x",
"product_id": "libpolkit0-0.113-4.1.s390x"
}
},
{
"category": "product_version",
"name": "polkit-0.113-4.1.s390x",
"product": {
"name": "polkit-0.113-4.1.s390x",
"product_id": "polkit-0.113-4.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"product": {
"name": "typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"product_id": "typelib-1_0-Polkit-1_0-0.113-4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpolkit0-0.113-4.1.x86_64",
"product": {
"name": "libpolkit0-0.113-4.1.x86_64",
"product_id": "libpolkit0-0.113-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpolkit0-32bit-0.113-4.1.x86_64",
"product": {
"name": "libpolkit0-32bit-0.113-4.1.x86_64",
"product_id": "libpolkit0-32bit-0.113-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "polkit-0.113-4.1.x86_64",
"product": {
"name": "polkit-0.113-4.1.x86_64",
"product_id": "polkit-0.113-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"product": {
"name": "typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"product_id": "typelib-1_0-Polkit-1_0-0.113-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "polkit-devel-0.113-4.1.x86_64",
"product": {
"name": "polkit-devel-0.113-4.1.x86_64",
"product_id": "polkit-devel-0.113-4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12",
"product": {
"name": "SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12",
"product_id": "SUSE Linux Enterprise Software Development Kit 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12",
"product": {
"name": "SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12",
"product_id": "SUSE Linux Enterprise Workstation Extension 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-0.113-4.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:libpolkit0-0.113-4.1.x86_64"
},
"product_reference": "libpolkit0-0.113-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-32bit-0.113-4.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:libpolkit0-32bit-0.113-4.1.x86_64"
},
"product_reference": "libpolkit0-32bit-0.113-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0.113-4.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:polkit-0.113-4.1.x86_64"
},
"product_reference": "polkit-0.113-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Polkit-1_0-0.113-4.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64"
},
"product_reference": "typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0.113-4.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12",
"product_id": "SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.ppc64le"
},
"product_reference": "polkit-devel-0.113-4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0.113-4.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12",
"product_id": "SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.s390x"
},
"product_reference": "polkit-devel-0.113-4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0.113-4.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12",
"product_id": "SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.x86_64"
},
"product_reference": "polkit-devel-0.113-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-0.113-4.1.ppc64le as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.ppc64le"
},
"product_reference": "libpolkit0-0.113-4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-0.113-4.1.s390x as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.s390x"
},
"product_reference": "libpolkit0-0.113-4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-0.113-4.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.x86_64"
},
"product_reference": "libpolkit0-0.113-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0.113-4.1.ppc64le as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:polkit-0.113-4.1.ppc64le"
},
"product_reference": "polkit-0.113-4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0.113-4.1.s390x as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:polkit-0.113-4.1.s390x"
},
"product_reference": "polkit-0.113-4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0.113-4.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:polkit-0.113-4.1.x86_64"
},
"product_reference": "polkit-0.113-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le"
},
"product_reference": "typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Polkit-1_0-0.113-4.1.s390x as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x"
},
"product_reference": "typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Polkit-1_0-0.113-4.1.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64"
},
"product_reference": "typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-0.113-4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.ppc64le"
},
"product_reference": "libpolkit0-0.113-4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-0.113-4.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.s390x"
},
"product_reference": "libpolkit0-0.113-4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-0.113-4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.x86_64"
},
"product_reference": "libpolkit0-0.113-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0.113-4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.ppc64le"
},
"product_reference": "polkit-0.113-4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0.113-4.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.s390x"
},
"product_reference": "polkit-0.113-4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0.113-4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.x86_64"
},
"product_reference": "polkit-0.113-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le"
},
"product_reference": "typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Polkit-1_0-0.113-4.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x"
},
"product_reference": "typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Polkit-1_0-0.113-4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64"
},
"product_reference": "typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpolkit0-32bit-0.113-4.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12",
"product_id": "SUSE Linux Enterprise Workstation Extension 12:libpolkit0-32bit-0.113-4.1.x86_64"
},
"product_reference": "libpolkit0-32bit-0.113-4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3218"
}
],
"notes": [
{
"category": "general",
"text": "The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:libpolkit0-32bit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12:libpolkit0-32bit-0.113-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3218",
"url": "https://www.suse.com/security/cve/CVE-2015-3218"
},
{
"category": "external",
"summary": "SUSE Bug 933922 for CVE-2015-3218",
"url": "https://bugzilla.suse.com/933922"
},
{
"category": "external",
"summary": "SUSE Bug 943816 for CVE-2015-3218",
"url": "https://bugzilla.suse.com/943816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:libpolkit0-32bit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12:libpolkit0-32bit-0.113-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-10-22T07:44:28Z",
"details": "moderate"
}
],
"title": "CVE-2015-3218"
},
{
"cve": "CVE-2015-3255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3255"
}
],
"notes": [
{
"category": "general",
"text": "The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:libpolkit0-32bit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12:libpolkit0-32bit-0.113-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3255",
"url": "https://www.suse.com/security/cve/CVE-2015-3255"
},
{
"category": "external",
"summary": "SUSE Bug 939246 for CVE-2015-3255",
"url": "https://bugzilla.suse.com/939246"
},
{
"category": "external",
"summary": "SUSE Bug 943816 for CVE-2015-3255",
"url": "https://bugzilla.suse.com/943816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:libpolkit0-32bit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12:libpolkit0-32bit-0.113-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-10-22T07:44:28Z",
"details": "moderate"
}
],
"title": "CVE-2015-3255"
},
{
"cve": "CVE-2015-3256",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3256"
}
],
"notes": [
{
"category": "general",
"text": "PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to \"javascript rule evaluation.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:libpolkit0-32bit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12:libpolkit0-32bit-0.113-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3256",
"url": "https://www.suse.com/security/cve/CVE-2015-3256"
},
{
"category": "external",
"summary": "SUSE Bug 943816 for CVE-2015-3256",
"url": "https://bugzilla.suse.com/943816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:libpolkit0-32bit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12:libpolkit0-32bit-0.113-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-10-22T07:44:28Z",
"details": "moderate"
}
],
"title": "CVE-2015-3256"
},
{
"cve": "CVE-2015-4625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-4625"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:libpolkit0-32bit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12:libpolkit0-32bit-0.113-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-4625",
"url": "https://www.suse.com/security/cve/CVE-2015-4625"
},
{
"category": "external",
"summary": "SUSE Bug 935119 for CVE-2015-4625",
"url": "https://bugzilla.suse.com/935119"
},
{
"category": "external",
"summary": "SUSE Bug 943816 for CVE-2015-4625",
"url": "https://bugzilla.suse.com/943816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:libpolkit0-32bit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Desktop 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:libpolkit0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:polkit-0.113-4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:typelib-1_0-Polkit-1_0-0.113-4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12:polkit-devel-0.113-4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12:libpolkit0-32bit-0.113-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-10-22T07:44:28Z",
"details": "moderate"
}
],
"title": "CVE-2015-4625"
}
]
}
gsd-2015-3218
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-3218",
"description": "The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.",
"id": "GSD-2015-3218",
"references": [
"https://www.suse.com/security/cve/CVE-2015-3218.html",
"https://ubuntu.com/security/CVE-2015-3218",
"https://advisories.mageia.org/CVE-2015-3218.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-3218"
],
"details": "The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.",
"id": "GSD-2015-3218",
"modified": "2023-12-13T01:20:07.135863Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html",
"refsource": "MISC",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "http://www.securitytracker.com/id/1035023",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1035023"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html",
"refsource": "MISC",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"name": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html",
"refsource": "MISC",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
},
{
"name": "http://www.securityfocus.com/bid/76086",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/76086"
},
{
"name": "https://usn.ubuntu.com/3717-1/",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/3717-1/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.112",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3218"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:1734",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "[polkit-devel] 20150529 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"refsource": "MLIST",
"tags": [],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"name": "[polkit-devel] 20150630 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"refsource": "MLIST",
"tags": [],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"refsource": "MLIST",
"tags": [],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "FEDORA-2015-11743",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "FEDORA-2015-11058",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "76086",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/76086"
},
{
"name": "1035023",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1035023"
},
{
"name": "openSUSE-SU-2015:1927",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "USN-3717-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/3717-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-07-18T01:29Z",
"publishedDate": "2015-10-26T19:59Z"
}
}
}
cnvd-2015-05257
Vulnerability from cnvd
Title: polkit拒绝服务漏洞
Description:
polkit是软件开发者David Zeuthen所研发的一款授权管理器。
polkit中存在拒绝服务漏洞。攻击者可利用该漏洞使应用程序崩溃,造成拒绝服务。
Severity: 低
Patch Name: polkit拒绝服务漏洞的补丁
Patch Description:
polkit是软件开发者David Zeuthen所研发的一款授权管理器。polkit中存在拒绝服务漏洞。攻击者可利用该漏洞使应用程序崩溃,造成拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://bugs.freedesktop.org/show_bug.cgi?id=90829
Reference: http://www.securityfocus.com/bid/76086
Impacted products
| Name | polkit polkit |
|---|
{
"bids": {
"bid": {
"bidNumber": "76086"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2015-3218"
}
},
"description": "polkit\u662f\u8f6f\u4ef6\u5f00\u53d1\u8005David Zeuthen\u6240\u7814\u53d1\u7684\u4e00\u6b3e\u6388\u6743\u7ba1\u7406\u5668\u3002\r\n\r\npolkit\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Tavis Ormandy",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://bugs.freedesktop.org/show_bug.cgi?id=90829",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-05257",
"openTime": "2015-08-14",
"patchDescription": "polkit\u662f\u8f6f\u4ef6\u5f00\u53d1\u8005David Zeuthen\u6240\u7814\u53d1\u7684\u4e00\u6b3e\u6388\u6743\u7ba1\u7406\u5668\u3002polkit\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "polkit\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "polkit polkit"
},
"referenceLink": "http://www.securityfocus.com/bid/76086",
"serverity": "\u4f4e",
"submitTime": "2015-08-13",
"title": "polkit\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
fkie_cve-2015-3218
Vulnerability from fkie_nvd
Published
2015-10-26 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| polkit_project | polkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "154D0301-B371-4F38-9DD5-EDBE487A37C8",
"versionEndIncluding": "0.112",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path."
},
{
"lang": "es",
"value": "La funci\u00f3n authentication_agent_new en polkitbackend/polkitbackendinteractiveauthority.c en PolicyKit (tambi\u00e9n conocido como polkit) en versiones anteriores a 0.113 permite a usuarios locales provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda de demonio polkitd) llamando a RegisterAuthenticationAgent con una ruta de objeto no v\u00e1lida."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
"id": "CVE-2015-3218",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-26T19:59:00.107",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/76086"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1035023"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/3717-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3717-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-q9cc-g5q2-4hhx
Vulnerability from github
Published
2022-05-14 03:13
Modified
2025-04-12 12:53
VLAI Severity ?
Details
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
{
"affected": [],
"aliases": [
"CVE-2015-3218"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-10-26T19:59:00Z",
"severity": "LOW"
},
"details": "The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.",
"id": "GHSA-q9cc-g5q2-4hhx",
"modified": "2025-04-12T12:53:30Z",
"published": "2022-05-14T03:13:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3218"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3717-1"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"type": "WEB",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"type": "WEB",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"type": "WEB",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/76086"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1035023"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…