Test Kennung:	1.3.6.1.4.1.25623.1.0.882051
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for polkit-qt CESA-2014:1359 centos7
Zusammenfassung:	Check the version of polkit-qt
Beschreibung:	Summary: Check the version of polkit-qt Vulnerability Insight: Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2014-5033) All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: polkit-qt on CentOS 7 Solution: Please install the updated packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5033 Debian Security Information: DSA-3004 (Google Search) http://www.debian.org/security/2014/dsa-3004 RedHat Security Advisories: RHSA-2014:1359 http://rhn.redhat.com/errata/RHSA-2014-1359.html http://secunia.com/advisories/60385 http://secunia.com/advisories/60633 http://secunia.com/advisories/60654 SuSE Security Announcement: openSUSE-SU-2014:0981 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html http://www.ubuntu.com/usn/USN-2304-1
Copyright	Copyright (C) 2014 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.