[SECURITY] Fedora 21 Update: polkit-0.113-4.fc21
updates at fedoraproject.org
updates at fedoraproject.org
Tue Jul 21 08:23:46 UTC 2015
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-11743
2015-07-17 23:28:22
--------------------------------------------------------------------------------
Name : polkit
Product : Fedora 21
Version : 0.113
Release : 4.fc21
URL : http://www.freedesktop.org/wiki/Software/polkit
Summary : An authorization framework
Description :
polkit is a toolkit for defining and handling authorizations. It is
used for allowing unprivileged processes to speak to privileged
processes.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2015-3218, CVE-2015-3255, CVE-2015-3256, CVE-2015-4625.
Please make sure to reboot or run (systemctl restart polkit.service) after applying this update.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 14 2015 Miloslav Trmač <mitr at redhat.com> - 0.113-4
- Bump the Obsoletes: to < 0.113-3 to account for the non-split 0.113-2.fc21
Resolves: #1243004
* Sun Jul 12 2015 Rex Dieter <rdieter at fedoraproject.org> 0.113-3
- Obsoletes: polkit < 0.112-8 (handle multilib upgrade path)
* Fri Jul 10 2015 Miloslav Trmač <mitr at redhat.com> - 0.113-2
- Add a fully versioned dependency from polkit to polkit-libs
Resolves: #1241759
- Require polkit-libs, not polkit, in polkit-devel
* Thu Jul 2 2015 Miloslav Trmač <mitr at redhat.com> - 0.113-1
- Update to polkit-0.113 (CVE-2015-3218, CVE-2015-3255, CVE-2015-3256,
CVE-2015-4625)
Resolves: #910262, #1175061, #1177930, #1194391, #1228739, #1233810
* Fri Jun 19 2015 Miloslav Trmač <mitr at redhat.com> - 0.112-11
- Add BuildRequires: systemd so that %{_unitdir} is defined, to fix the build.
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.112-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Jan 25 2015 Rex Dieter <rdieter at fedoraproject.org> - 0.112-9
- polkit doesn't release reference counters of GVariant data (#1180886)
- fix ldconfig scriptlets (move to -libs subpkg)
* Sat Nov 8 2014 Colin Walters <walters at redhat.com> - 0.112-8
- Split separate -libs package, so that NetworkManager can just depend on
that, without dragging in the daemon (as well as libmozjs17). This
allows the creation of more minimal systems that want programs like NM,
but do not need the configurability of the daemon; it would be ok if only
root is authorized.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1228738 - CVE-2015-3218 polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent
https://bugzilla.redhat.com/show_bug.cgi?id=1228738
[ 2 ] Bug #1233808 - CVE-2015-4625 polkit: potential information disclosure vulnerability due to cookie counter wrapping
https://bugzilla.redhat.com/show_bug.cgi?id=1233808
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update polkit' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list