Security update for polkit SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:4282-1 Final 1 1 2018-12-28T16:49:42Z current 2018-12-28T16:49:42Z 2018-12-28T16:49:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for polkit This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (boo#1118277) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00069.html E-Mail link for openSUSE-SU-2018:4282-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libpolkit0-0.113-14.6.1 libpolkit0-32bit-0.113-14.6.1 polkit-0.113-14.6.1 polkit-devel-0.113-14.6.1 polkit-doc-0.113-14.6.1 typelib-1_0-Polkit-1_0-0.113-14.6.1 libpolkit0-0.113-14.6.1 as a component of openSUSE Leap 42.3 libpolkit0-32bit-0.113-14.6.1 as a component of openSUSE Leap 42.3 polkit-0.113-14.6.1 as a component of openSUSE Leap 42.3 polkit-devel-0.113-14.6.1 as a component of openSUSE Leap 42.3 polkit-doc-0.113-14.6.1 as a component of openSUSE Leap 42.3 typelib-1_0-Polkit-1_0-0.113-14.6.1 as a component of openSUSE Leap 42.3 A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. CVE-2018-19788 openSUSE Leap 42.3:libpolkit0-0.113-14.6.1 openSUSE Leap 42.3:libpolkit0-32bit-0.113-14.6.1 openSUSE Leap 42.3:polkit-0.113-14.6.1 openSUSE Leap 42.3:polkit-devel-0.113-14.6.1 openSUSE Leap 42.3:polkit-doc-0.113-14.6.1 openSUSE Leap 42.3:typelib-1_0-Polkit-1_0-0.113-14.6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00069.html https://www.suse.com/security/cve/CVE-2018-19788.html CVE-2018-19788 https://bugzilla.suse.com/1118274 SUSE Bug 1118274 https://bugzilla.suse.com/1118277 SUSE Bug 1118277 https://bugzilla.suse.com/1119056 SUSE Bug 1119056 https://bugzilla.suse.com/1126909 SUSE Bug 1126909