Name | CVE-2018-1116 |
Description | A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-1448-1 |
Debian Bugs | 903563 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
policykit-1 (PTS) | bullseye (security), bullseye | 0.105-31+deb11u1 | fixed |
| bookworm | 122-3 | fixed |
| sid, trixie | 125-2 | fixed |
The information below is based on the following data on fixed versions.
Notes
[stretch] - policykit-1 <no-dsa> (Minor issue; can be fixed via point release)
https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad53643a9c80231fc41f5582d6a8931c32c
https://lists.freedesktop.org/archives/polkit-devel/2018-July/000583.html
https://bugzilla.suse.com/show_bug.cgi?id=1099031