polkit security update

2019-02-26T20:22:22
ID CESA-2019:0420
Type centos
Reporter CentOS Project
Modified 2019-02-26T20:22:22

Description

CentOS Errata and Security Advisory CESA-2019:0420

The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.

Security Fix(es):

  • polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2019-February/023210.html

Affected packages: polkit polkit-desktop-policy polkit-devel polkit-docs

Upstream details at: