Red Hat Local Security Checks : RedHat Update for polkit-qt RHSA-2014:1359-01

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.871256

Categoría: Red Hat Local Security Checks

Título: RedHat Update for polkit-qt RHSA-2014:1359-01

Resumen: The remote host is missing an update for the 'polkit-qt'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'polkit-qt'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Polkit-qt is a library that lets
developers use the PolicyKit API through a Qt-styled API. The polkit-qt
library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs.

It was found that polkit-qt handled authorization requests with PolicyKit
via a D-Bus API that is vulnerable to a race condition. A local user could
use this flaw to bypass intended PolicyKit authorizations. This update
modifies polkit-qt to communicate with PolicyKit via a different API that
is not vulnerable to the race condition. (CVE-2014-5033)

All polkit-qt users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Affected Software/OS:
polkit-qt on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-5033
Debian Security Information: DSA-3004 (Google Search)
http://www.debian.org/security/2014/dsa-3004
RedHat Security Advisories: RHSA-2014:1359
http://rhn.redhat.com/errata/RHSA-2014-1359.html
http://secunia.com/advisories/60385
http://secunia.com/advisories/60633
http://secunia.com/advisories/60654
SuSE Security Announcement: openSUSE-SU-2014:0981 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html
http://www.ubuntu.com/usn/USN-2304-1

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.871256
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for polkit-qt RHSA-2014:1359-01
Resumen:	The remote host is missing an update for the 'polkit-qt'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'polkit-qt' package(s) announced via the referenced advisory. Vulnerability Insight: Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2014-5033) All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: polkit-qt on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5033 Debian Security Information: DSA-3004 (Google Search) http://www.debian.org/security/2014/dsa-3004 RedHat Security Advisories: RHSA-2014:1359 http://rhn.redhat.com/errata/RHSA-2014-1359.html http://secunia.com/advisories/60385 http://secunia.com/advisories/60633 http://secunia.com/advisories/60654 SuSE Security Announcement: openSUSE-SU-2014:0981 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html http://www.ubuntu.com/usn/USN-2304-1
Copyright	Copyright (C) 2014 Greenbone AG