USN-1117-1: PolicyKit vulnerability
19 April 2011
Local users could gain root access by using the pkexec tool in PolicyKit.
- policykit-1 - framework for managing administrative policies and privileges
Neel Mehta discovered that PolicyKit did not correctly verify the user
making authorization requests. A local attacker could exploit this to
trick pkexec into running applications with root privileges.
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to reboot your computer to make
all the necessary changes.