Bug 2931 - [UPDATE REQUEST] [UPSTREAM UPDATE] rtkit
: [UPDATE REQUEST] [UPSTREAM UPDATE] rtkit
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-18 14:57 MSD by Andrew Lukoshko
Modified: 2013-11-19 12:35 MSK (History)
1 user (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
andrew.lukoshko: published_server+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Lukoshko 2013-10-18 14:57:05 MSD
It was found that RealtimeKit communicated with PolicyKit for authorization
using a D-Bus API that is vulnerable to a race condition. This could have
led to intended PolicyKit authorizations being bypassed. This update
modifies RealtimeKit to communicate with PolicyKit via a different API that
is not vulnerable to the race condition. (CVE-2013-4326)

http://rhn.redhat.com/errata/RHSA-2013-1282.html

https://abf.rosalinux.ru/build_lists/1335825
https://abf.rosalinux.ru/build_lists/1335826
Comment 1 Vladimir Potapov 2013-10-25 10:13:34 MSD
Error 404
Page not found
Comment 3 Vladimir Potapov 2013-11-17 16:24:07 MSK
rtkit-0.5-2.res6
******************** RHEL Advisory *******************
It was found that RealtimeKit communicated with PolicyKit for authorization
using a D-Bus API that is vulnerable to a race condition. This could have
led to intended PolicyKit authorizations being bypassed. This update
modifies RealtimeKit to communicate with PolicyKit via a different API that
is not vulnerable to the race condition. (CVE-2013-4326)
******************************************************
QA Verified