[gentoo-announce] [ GLSA 201406-27 ] polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation - gentoo-announce

From:	Chris Reffett <creffett@g.o>
To:	gentoo-announce@g.o
Subject:	[gentoo-announce] [ GLSA 201406-27 ] polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation
Date:	Thu, 26 Jun 2014 23:06:15
Message-Id:	`53ACA417.7080201@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201406-27

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: High

8

    Title: polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege

9

           escalation

10

     Date: June 26, 2014

11

     Bugs: #484486, #484488, #485420, #485546, #485904

12

       ID: 201406-27

13

14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

15

16

Synopsis

17

========

18

19

A race condition in polkit could allow a local attacker to gain

20

escalated privileges.

21

22

Background

23

==========

24

25

polkit is a toolkit for managing policies relating to unprivileged

26

processes communicating with privileged processes.

27

28

Affected packages

29

=================

30

31

    -------------------------------------------------------------------

32

     Package              /     Vulnerable     /            Unaffected

33

    -------------------------------------------------------------------

34

  1  net-print/hplip              < 3.14.1                  >= 3.14.1

35

  2  net-misc/spice-gtk            < 0.21                     >= 0.21

36

  3  sys-apps/systemd             < 204-r1                  >= 204-r1

37

  4  app-emulation/libvirt       < 1.1.2-r3               >= 1.1.2-r3

38

  5  sys-auth/polkit              < 0.112                    >= 0.112

39

    -------------------------------------------------------------------

40

     5 affected packages

41

42

Description

43

===========

44

45

polkit has a race condition which potentially allows a process to

46

change its UID/EUID via suid or pkexec before authentication is

47

completed.

48

49

Impact

50

======

51

52

A local attacker could start a suid or pkexec process through a

53

polkit-enabled application, which could result in privilege escalation

54

or bypass of polkit restrictions.

55

56

Workaround

57

==========

58

59

There is no known workaround at this time.

60

61

Resolution

62

==========

63

64

All polkit users should upgrade to the latest version:

65

66

  # emerge --sync

67

  # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.112"

68

69

All HPLIP users should upgrade to the latest version:

70

71

  # emerge --sync

72

  # emerge --ask --oneshot --verbose ">=net-print/hplip-3.14.1"

73

74

All Spice-Gtk users should upgrade to the latest version:

75

76

  # emerge --sync

77

  # emerge --ask --oneshot --verbose ">=net-misc/spice-gtk-0.21"

78

79

All systemd users should upgrade to the latest version:

80

81

  # emerge --sync

82

  # emerge --ask --oneshot --verbose ">=sys-apps/systemd-204-r1"

83

84

All libvirt users should upgrade to the latest version:

85

86

  # emerge --sync

87

  # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-1.1.2-r3"

88

89

References

90

==========

91

92

[ 1 ] CVE-2013-4288

93

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4288

94

[ 2 ] CVE-2013-4311

95

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4311

96

[ 3 ] CVE-2013-4324

97

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4324

98

[ 4 ] CVE-2013-4325

99

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4325

100

[ 5 ] CVE-2013-4327

101

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4327

102

103

Availability

104

============

105

106

This GLSA and any updates to it are available for viewing at

107

the Gentoo Security Website:

108

109

 http://security.gentoo.org/glsa/glsa-201406-27.xml

110

111

Concerns?

112

=========

113

114

Security is a primary focus of Gentoo Linux and ensuring the

115

confidentiality and security of our users' machines is of utmost

116

importance to us. Any security concerns should be addressed to

117

security@g.o or alternatively, you may file a bug at

118

https://bugs.gentoo.org.

119

120

License

121

=======

122

123

Copyright 2014 Gentoo Foundation, Inc; referenced text

124

belongs to its owner(s).

125

126

The contents of this document are licensed under the

127

Creative Commons - Attribution / Share Alike license.

128

129

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201406-27
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: High
8	Title: polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege
9	escalation
10	Date: June 26, 2014
11	Bugs: #484486, #484488, #485420, #485546, #485904
12	ID: 201406-27
13
14	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15
16	Synopsis
17	========
18
19	A race condition in polkit could allow a local attacker to gain
20	escalated privileges.
21
22	Background
23	==========
24
25	polkit is a toolkit for managing policies relating to unprivileged
26	processes communicating with privileged processes.
27
28	Affected packages
29	=================
30
31	-------------------------------------------------------------------
32	Package / Vulnerable / Unaffected
33	-------------------------------------------------------------------
34	1 net-print/hplip < 3.14.1 >= 3.14.1
35	2 net-misc/spice-gtk < 0.21 >= 0.21
36	3 sys-apps/systemd < 204-r1 >= 204-r1
37	4 app-emulation/libvirt < 1.1.2-r3 >= 1.1.2-r3
38	5 sys-auth/polkit < 0.112 >= 0.112
39	-------------------------------------------------------------------
40	5 affected packages
41
42	Description
43	===========
44
45	polkit has a race condition which potentially allows a process to
46	change its UID/EUID via suid or pkexec before authentication is
47	completed.
48
49	Impact
50	======
51
52	A local attacker could start a suid or pkexec process through a
53	polkit-enabled application, which could result in privilege escalation
54	or bypass of polkit restrictions.
55
56	Workaround
57	==========
58
59	There is no known workaround at this time.
60
61	Resolution
62	==========
63
64	All polkit users should upgrade to the latest version:
65
66	# emerge --sync
67	# emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.112"
68
69	All HPLIP users should upgrade to the latest version:
70
71	# emerge --sync
72	# emerge --ask --oneshot --verbose ">=net-print/hplip-3.14.1"
73
74	All Spice-Gtk users should upgrade to the latest version:
75
76	# emerge --sync
77	# emerge --ask --oneshot --verbose ">=net-misc/spice-gtk-0.21"
78
79	All systemd users should upgrade to the latest version:
80
81	# emerge --sync
82	# emerge --ask --oneshot --verbose ">=sys-apps/systemd-204-r1"
83
84	All libvirt users should upgrade to the latest version:
85
86	# emerge --sync
87	# emerge --ask --oneshot --verbose ">=app-emulation/libvirt-1.1.2-r3"
88
89	References
90	==========
91
92	[ 1 ] CVE-2013-4288
93	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4288
94	[ 2 ] CVE-2013-4311
95	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4311
96	[ 3 ] CVE-2013-4324
97	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4324
98	[ 4 ] CVE-2013-4325
99	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4325
100	[ 5 ] CVE-2013-4327
101	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4327
102
103	Availability
104	============
105
106	This GLSA and any updates to it are available for viewing at
107	the Gentoo Security Website:
108
109	http://security.gentoo.org/glsa/glsa-201406-27.xml
110
111	Concerns?
112	=========
113
114	Security is a primary focus of Gentoo Linux and ensuring the
115	confidentiality and security of our users' machines is of utmost
116	importance to us. Any security concerns should be addressed to
117	security@g.o or alternatively, you may file a bug at
118	https://bugs.gentoo.org.
119
120	License
121	=======
122
123	Copyright 2014 Gentoo Foundation, Inc; referenced text
124	belongs to its owner(s).
125
126	The contents of this document are licensed under the
127	Creative Commons - Attribution / Share Alike license.
128
129	http://creativecommons.org/licenses/by-sa/2.5