|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for polkit-qt RHSA-2014:1359-01|
|Summary:||The remote host is missing an update for the 'polkit-qt'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'polkit-qt'
package(s) announced via the referenced advisory.
Polkit-qt is a library that lets
developers use the PolicyKit API through a Qt-styled API. The polkit-qt
library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs.
It was found that polkit-qt handled authorization requests with PolicyKit
via a D-Bus API that is vulnerable to a race condition. A local user could
use this flaw to bypass intended PolicyKit authorizations. This update
modifies polkit-qt to communicate with PolicyKit via a different API that
is not vulnerable to the race condition. (CVE-2014-5033)
All polkit-qt users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
polkit-qt on Red Hat Enterprise Linux Server (v. 7)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2014-5033|
Debian Security Information: DSA-3004 (Google Search)
RedHat Security Advisories: RHSA-2014:1359
SuSE Security Announcement: openSUSE-SU-2014:0981 (Google Search)
|Copyright||Copyright (C) 2014 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.