Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-4625

Published: 26 October 2015

Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.

Priority

Low

Status

Package Release Status
policykit-1
Launchpad, Ubuntu, Debian
upstream Needs triage

artful
Released (0.105-11ubuntu1)
bionic
Released (0.105-11ubuntu1)
cosmic
Released (0.105-11ubuntu1)
disco
Released (0.105-11ubuntu1)
eoan
Released (0.105-11ubuntu1)
focal
Released (0.105-11ubuntu1)
groovy
Released (0.105-11ubuntu1)
precise Ignored
(end of life)
trusty
Released (0.105-4ubuntu3.14.04.2)
utopic Ignored
(end of life)
vivid Ignored
(end of life)
wily
Released (0.105-11ubuntu1)
xenial
Released (0.105-11ubuntu1)
yakkety
Released (0.105-11ubuntu1)
zesty
Released (0.105-11ubuntu1)
hirsute
Released (0.105-11ubuntu1)
Patches:
upstream: http://cgit.freedesktop.org/polkit/commit/?id=ea544ffc18405237ccd95d28d7f45afef49aca17
upstream: http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766
upstream: http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228