Bug 1298

Summary:	polkit local root exploit ( CVE-2011-1485 )
Product:	Mageia	Reporter:	Michael Scherer <misc>
Component:	Security	Assignee:	Michael Scherer <misc>
Status:	RESOLVED FIXED	QA Contact:
Severity:	critical
Priority:	Normal
Version:	Cauldron
Target Milestone:	---
Hardware:	i586
OS:	Linux
URL:	http://web.archiveorange.com/archive/v/IhpljmgdvV90sstTLAjO
Whiteboard:
Source RPM:	polkit	CVE:
Status comment:
Bug Depends on:
Bug Blocks:	908

Description Michael Scherer 2011-05-16 09:38:33 CEST

Fedora, Mandriva and Ubuntu updated polkit for a potential local root exploit, acording to upstream 

http://osvdb.org/show/osvdb/72261

There is various patchs to correct this, or wait for 0.102 : 
http://web.archiveorange.com/archive/v/IhpljmgdvV90sstTLAjO

http://cgit.freedesktop.org/PolicyKit/commit/?id=129b6223a19e7fb2753f8cad7957ac5402394076
http://cgit.freedesktop.org/PolicyKit/commit/?id=c23d74447c7615dc74dae259f0fc3688ec988867
http://cgit.freedesktop.org/PolicyKit/commit/?id=3b12cfac29dddd27f1f166a7574d8374cc1dccf2
http://cgit.freedesktop.org/PolicyKit/commit/?id=dd848a42a64a3b22a0cc60f6657b56ce9b6010ae

I would suggest to take the 4 patch.

Michael Scherer 2011-05-16 09:38:45 CEST

Blocks: (none) => 908

Michael Scherer 2011-05-16 17:23:12 CEST

Summary: local root exploit ( CVE-2011-1485 ) => polkit local root exploit ( CVE-2011-1485 )

Michael Scherer 2011-05-17 16:07:40 CEST

Status: NEW => ASSIGNED
Assignee: bugsquad => misc

Comment 1 Michael Scherer 2011-05-17 16:32:06 CEST

Fixed in -2mga

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED