FEDORA-2015-11058 created by mitr 5 years ago for Fedora 22
stable

Security fix for CVE-2015-3218, CVE-2015-3255, CVE-2015-3256, CVE-2015-4625

How to install

sudo dnf upgrade --advisory=FEDORA-2015-11058

This update has been submitted for testing by mitr.

5 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/103071/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/103071/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 22 testing updates repository.

5 years ago

This update has been pushed to testing

5 years ago
evillagr commented & provided feedback 5 years ago

Works fine in casual use

besser82 commented & provided feedback 5 years ago

LGTM =)

Critical path update approved

5 years ago

Fails within KDE (root-pw never accepted). Back to 112-9 works perfect.

karma: -1

fcon commented & provided feedback 5 years ago

looks good

This update has reached the stable karma threshold and will be pushed to the stable updates repository

5 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/104757/steps/runtask/logs/stdio (results are informative only)

rathann commented & provided feedback 5 years ago

Looks like nobody noticed the ABI break in polkit-libs and there's no strict dependency between polkit and polkit-libs, so if you upgraded just polkit (and not polkit-libs), polkitd won't start.

KDE anyone? Seems severely broken by a regression 0.112-9 => 0.113-1.

karma: -1

oxo commented & provided feedback 5 years ago

Seems to work fine (in conjunction with KDE)

samoht0-sapo@yahoo.com, it works fine for me on a fresh F22 KDE live install as well. Please file a bug with detailed version information and precise steps to reproduce.

@oxo+mitr: Thanks for testing KDE. I'll investigate this in more detail. If the issue is reproducible, I'll file a bug.

This update is currently being pushed to the Fedora 22 stable updates repository.

5 years ago

This update has been pushed to stable

5 years ago
fredyn commented & provided feedback 5 years ago

Indeed, this update breaks established authentication rules for PackageKit and Suspend from KMenu. Downgrading polkit to 0.112-9.fc22.x86_64 fixes the authentication regression. The polkit changes in 0.113 likely require changes in other components, see

# rpm -qa | grep polkit
polkit-libs-0.113-1.fc22.x86_64
polkit-pkla-compat-0.1-5.fc22.x86_64
polkit-0.112-9.fc22.x86_64
polkit-qt5-1-0.112.0-3.fc22.x86_64
polkit-kde-5.3.2-1.fc22.x86_64
polkit-libs-0.113-1.fc22.i686
polkit-qt-0.112.0-3.fc22.x86_64


Metadata
Type: security
Karma: 2
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled
Dates
submitted: 5 years ago
in testing: 5 years ago
in stable: 5 years ago
BZ#910262 [abrt] polkit-0.107-4.fc18: js::PropertyTable::search: Process /usr/lib/polkit-1/polkitd was killed by signal 11 (SIGSEGV)
BZ#1175061 [abrt] polkit: js::ShapeTable::search(): polkitd killed by SIGSEGV
BZ#1177930 [abrt] polkit: LookupPropertyWithFlagsInline(): polkitd killed by SIGSEGV
BZ#1194391 [abrt] polkit: getObjectClass(): polkitd killed by SIGSEGV
BZ#1228738 CVE-2015-3218 polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent
BZ#1228739 CVE-2015-3218 polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent [fedora-all]
BZ#1233808 CVE-2015-4625 polkit: potential information disclosure vulnerability due to cookie counter wrapping
BZ#1233810 CVE-2015-4625 polkit: potential information disclosure vulnerability due to cookie counter wrapping [fedora-all]
