| Release | Version |
|---|---|
| stretch | 0.105-18+deb9u1 |
| buster | 0.105-25 |
| bullseye | 0.105-31 |
| sid | 0.105-31 |
| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2019-6133 | vulnerable (no DSA) | fixed | fixed | fixed | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism ... |
| CVE-2018-1116 | vulnerable (no DSA) | fixed | fixed | fixed | A flaw was found in polkit before version 0.116. The implementation of ... |
| CVE-2016-2568 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable | pkexec, when used with --user nonpriv, allows local users to escape to ... |
| Bug | Description |
|---|---|
| CVE-2021-3560 | local privilege escalation using polkit_system_bus_name_get_creds_sync() |
| CVE-2018-19788 | A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user wi ... |
| CVE-2015-4625 | Integer overflow in the authentication_agent_new_cookie function in Po ... |
| CVE-2015-3256 | PolicyKit (aka polkit) before 0.113 allows local users to cause a deni ... |
| CVE-2015-3255 | The polkit_backend_action_pool_init function in polkitbackend/polkitba ... |
| CVE-2015-3218 | The authentication_agent_new function in polkitbackend/polkitbackendin ... |
| CVE-2013-4288 | Race condition in PolicyKit (aka polkit) allows local users to bypass ... |
| CVE-2011-4945 | PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which ... |
| CVE-2011-1485 | Race condition in the pkexec utility and polkitd daemon in PolicyKit ( ... |
| CVE-2010-0750 | pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users t ... |
| CVE-2008-1658 | Format string vulnerability in the grant helper (polkit-grant-helper.c ... |
| DSA / DLA | Description |
|---|---|
| DLA-1644-1 | policykit-1 - security update |
| DSA-4350-1 | policykit-1 - security update |
| DLA-1448-1 | policykit-1 - security update |
| DSA-2319-1 | policykit-1 - race condition |