Moderate CentOS polkit Security Update

Metadata

medium
4.6
polkit-0.112-6.el7_2.i686.rpm, polkit-0.112-6.el7_2.src.rpm, polkit-0.112-6.el7_2.x86_64.rpm, polkit-devel-0.112-6.el7_2.i686.rpm, polkit-devel-0.112-6.el7_2.x86_64.rpm, polkit-docs-0.112-6.el7_2.noarch.rpm
CVE-2015-3256
rhn.redhat.com, lists.centos.org
2016-02-17
2017-07-27 19:10
CVE-2015-3256 policykit-1
CVE-2015-3256
2017-04-01 19:09
2017-01-05 20:13

Description


Updated polkit packages that fix one security issue are now available for
Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

PolicyKit is a toolkit for defining and handling authorizations.

A denial of service flaw was found in how polkit handled authorization
requests. A local, unprivileged user could send malicious requests to
polkit, which could then cause the polkit daemon to corrupt its memory and
crash. (CVE-2015-3256)

All polkit users should upgrade to these updated packages, which contain a
backported patch to correct this issue. The system must be rebooted for
this update to take effect.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
7 polkit polkit-0.112-6.el7_2.i686.rpm
polkit polkit-0.112-6.el7_2.src.rpm
polkit polkit-0.112-6.el7_2.x86_64.rpm
polkit-devel polkit-devel-0.112-6.el7_2.i686.rpm
polkit-devel polkit-devel-0.112-6.el7_2.x86_64.rpm
polkit-docs polkit-docs-0.112-6.el7_2.noarch.rpm