polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation

Background

polkit is a toolkit for managing policies relating to unprivileged processes communicating with privileged processes.

Description

polkit has a race condition which potentially allows a process to change its UID/EUID via suid or pkexec before authentication is completed.

Impact

A local attacker could start a suid or pkexec process through a polkit-enabled application, which could result in privilege escalation or bypass of polkit restrictions.

Workaround

There is no known workaround at this time.

Resolution

All polkit users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.112"

All HPLIP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-print/hplip-3.14.1"

All Spice-Gtk users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/spice-gtk-0.21"

All systemd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/systemd-204-r1"

All libvirt users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-1.1.2-r3"