Test ID:	1.3.6.1.4.1.25623.1.0.882051
Category:	CentOS Local Security Checks
Title:	CentOS Update for polkit-qt CESA-2014:1359 centos7
Summary:	Check the version of polkit-qt
Description:	Summary: Check the version of polkit-qt Vulnerability Insight: Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2014-5033) All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: polkit-qt on CentOS 7 Solution: Please install the updated packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5033 Debian Security Information: DSA-3004 (Google Search) http://www.debian.org/security/2014/dsa-3004 RedHat Security Advisories: RHSA-2014:1359 http://rhn.redhat.com/errata/RHSA-2014-1359.html http://secunia.com/advisories/60385 http://secunia.com/advisories/60633 http://secunia.com/advisories/60654 SuSE Security Announcement: openSUSE-SU-2014:0981 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html http://www.ubuntu.com/usn/USN-2304-1
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.