Your submission was sent successfully! Close

CVE-2018-19788

Published: 3 December 2018

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
policykit-1
Launchpad, Ubuntu, Debian
bionic
Released (0.105-20ubuntu0.18.04.4)
cosmic
Released (0.105-21ubuntu0.3)
precise
Released (0.104-1ubuntu1.4)
trusty
Released (0.105-4ubuntu3.14.04.5)
upstream Needs triage

xenial
Released (0.105-14.1ubuntu0.4)
Patches:
upstream: https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379
upstream: https://gitlab.freedesktop.org/polkit/polkit/commit/b534a10727455409acd54018a9c91000e7626126