[SECURITY] [DLA 1644-1] policykit-1 security update

2019-01-2813:05:06

lists.debian.org

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

32.0%

JSON

Package : policykit-1
Version : 0.105-15~deb8u4
CVE ID : CVE-2018-19788 CVE-2019-6133

Two vulnerabilities were found in Policykit, a framework for managing
administrative policies and privileges:

CVE-2018-19788

It was discovered that incorrect processing of very high UIDs in
Policykit could result in authentication bypass.

CVE-2019-6133

Jann Horn of Google found that Policykit doesn&#x27;t properly check
if a process is already authenticated, which can lead to an
authentication reuse by a different user.

For Debian 8 "Jessie", these problems have been fixed in version
0.105-15~deb8u4.

We recommend that you upgrade your policykit-1 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8i386linux-image-3.16.0-9-686-pae< 3.16.68-1linux-image-3.16.0-9-686-pae_3.16.68-1_i386.deb
Debian8i386gir1.2-polkit-1.0< 0.105-15~deb8u4gir1.2-polkit-1.0_0.105-15~deb8u4_i386.deb
Debian9mipsmd-modules-4.9.0-9-4kc-malta-di< 4.9.161-1md-modules-4.9.0-9-4kc-malta-di_4.9.161-1_mips.deb
Debian8i386nic-wireless-modules-3.16.0-9-686-pae-di< 3.16.68-1nic-wireless-modules-3.16.0-9-686-pae-di_3.16.68-1_i386.deb
Debian8i386mouse-modules-3.16.0-9-686-pae-di< 3.16.68-1mouse-modules-3.16.0-9-686-pae-di_3.16.68-1_i386.deb
Debian9mipselinput-modules-4.9.0-9-octeon-di< 4.9.161-1input-modules-4.9.0-9-octeon-di_4.9.161-1_mipsel.deb
Debian9mipslinux-cpupower< 4.9.161-1linux-cpupower_4.9.161-1_mips.deb
Debian9mips64elvirtio-modules-4.9.0-9-loongson-3-di< 4.9.161-1virtio-modules-4.9.0-9-loongson-3-di_4.9.161-1_mips64el.deb
Debian8armelloop-modules-3.16.0-9-kirkwood-di< 3.16.68-1loop-modules-3.16.0-9-kirkwood-di_3.16.68-1_armel.deb
Debian9mips64elcrypto-dm-modules-4.9.0-9-octeon-di< 4.9.161-1crypto-dm-modules-4.9.0-9-octeon-di_4.9.161-1_mips64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	i386	linux-image-3.16.0-9-686-pae	< 3.16.68-1	linux-image-3.16.0-9-686-pae_3.16.68-1_i386.deb
Debian	8	i386	gir1.2-polkit-1.0	< 0.105-15~deb8u4	gir1.2-polkit-1.0_0.105-15~deb8u4_i386.deb
Debian	9	mips	md-modules-4.9.0-9-4kc-malta-di	< 4.9.161-1	md-modules-4.9.0-9-4kc-malta-di_4.9.161-1_mips.deb
Debian	8	i386	nic-wireless-modules-3.16.0-9-686-pae-di	< 3.16.68-1	nic-wireless-modules-3.16.0-9-686-pae-di_3.16.68-1_i386.deb
Debian	8	i386	mouse-modules-3.16.0-9-686-pae-di	< 3.16.68-1	mouse-modules-3.16.0-9-686-pae-di_3.16.68-1_i386.deb
Debian	9	mipsel	input-modules-4.9.0-9-octeon-di	< 4.9.161-1	input-modules-4.9.0-9-octeon-di_4.9.161-1_mipsel.deb
Debian	9	mips	linux-cpupower	< 4.9.161-1	linux-cpupower_4.9.161-1_mips.deb
Debian	9	mips64el	virtio-modules-4.9.0-9-loongson-3-di	< 4.9.161-1	virtio-modules-4.9.0-9-loongson-3-di_4.9.161-1_mips64el.deb
Debian	8	armel	loop-modules-3.16.0-9-kirkwood-di	< 3.16.68-1	loop-modules-3.16.0-9-kirkwood-di_3.16.68-1_armel.deb
Debian	9	mips64el	crypto-dm-modules-4.9.0-9-octeon-di	< 4.9.161-1	crypto-dm-modules-4.9.0-9-octeon-di_4.9.161-1_mips64el.deb