policykit-1 (0.105-14.1ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: authorization bypass with large uid
- debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
- debian/patches/CVE-2018-19788-2.patch: add tests to
test/data/etc/group, test/data/etc/passwd,
test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
test/polkitbackend/polkitbackendlocalauthoritytest.c.
- debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
PolkitUnixProcess in src/polkit/polkitunixprocess.c.
- CVE-2018-19788
Date: 2019-01-15 13:49:31.826192+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
Signed-By: Ubuntu Archive Robot
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/policykit-1/0.105-14.1ubuntu0.4
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
