On 12/6/18 2:13 PM, Trevor Vaughan wrote:
On a related note to pkexec, anyone know how to mitigate this? https://thehackernews.com/2018/12/linux-user-privilege-policykit.html
https://access.redhat.com/security/cve/cve-2018-19788 "Do not allow negative UIDs or UIDs greater than 2147483646." ....... which is weird, since patches were upstream:- https://gitlab.freedesktop.org/zbyszek/polkit/commit/fbaab32cb4ed9ed5f1e3eea6cd317d443aa427dc - https://gitlab.freedesktop.org/zbyszek/polkit/commit/7c8c3abdedbb991a69bc5f1ab0f96576958b55de
I'll ask around on the RHEL product security team to see what's up.
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
