CVSS2 vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS percentile: 5.1%

CentOS Errata and Security Advisory CESA-2016:0189
PolicyKit is a toolkit for defining and handling authorizations.
A denial of service flaw was found in how polkit handled authorization
requests. A local, unprivileged user could send malicious requests to
polkit, which could then cause the polkit daemon to corrupt its memory and
crash. (CVE-2015-3256)
All polkit users should upgrade to these updated packages, which contain a
backported patch to correct this issue. The system must be rebooted for
this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-February/083837.html
Affected packages:
polkit
polkit-devel
polkit-docs
Upstream details at:
https://access.redhat.com/errata/RHSA-2016:0189
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | i686 | polkit | < 0.112-6.el7_2 | polkit-0.112-6.el7_2.i686.rpm |
CentOS | 7 | x86_64 | polkit | < 0.112-6.el7_2 | polkit-0.112-6.el7_2.x86_64.rpm |
CentOS | 7 | i686 | polkit-devel | < 0.112-6.el7_2 | polkit-devel-0.112-6.el7_2.i686.rpm |
CentOS | 7 | x86_64 | polkit-devel | < 0.112-6.el7_2 | polkit-devel-0.112-6.el7_2.x86_64.rpm |
CentOS | 7 | noarch | polkit-docs | < 0.112-6.el7_2 | polkit-docs-0.112-6.el7_2.noarch.rpm |