rpm package
suse/polkit&distro=SUSE Linux Enterprise Desktop 12
pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-4625 | — | < 0.113-4.1 | 0.113-4.1 | Oct 26, 2015 | Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. | ||
| CVE-2015-3256 | — | < 0.113-4.1 | 0.113-4.1 | Oct 26, 2015 | PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation." | ||
| CVE-2015-3255 | — | < 0.113-4.1 | 0.113-4.1 | Oct 26, 2015 | The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. | ||
| CVE-2015-3218 | — | < 0.113-4.1 | 0.113-4.1 | Oct 26, 2015 | The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an inv |
- CVE-2015-4625Oct 26, 2015affected < 0.113-4.1fixed 0.113-4.1
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
- CVE-2015-3256Oct 26, 2015affected < 0.113-4.1fixed 0.113-4.1
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
- CVE-2015-3255Oct 26, 2015affected < 0.113-4.1fixed 0.113-4.1
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
- CVE-2015-3218Oct 26, 2015affected < 0.113-4.1fixed 0.113-4.1
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an inv