Bug 836939 (CVE-2013-4326) - VUL-1: CVE-2013-4326: rtkit: polkit-process subject race condition
Summary: VUL-1: CVE-2013-4326: rtkit: polkit-process subject race condition
Status: RESOLVED FIXED
Alias: CVE-2013-4326
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv2:NVD:CVE-2013-4326:4.6:(AV:L/A...
Keywords:
Depends on: CVE-2013-4288
Blocks: CVE-2013-4311 836932
  Show dependency treegraph
 
Reported: 2013-08-27 08:54 UTC by Sebastian Krahmer
Modified: 2019-05-01 16:08 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2013-08-27 08:54:02 UTC 
+++ This bug was initially created as a clone of Bug #835827 +++

This is a place holder for the upcoming polkit pkcheck race fix
which is discussed with upstream.
Comment 1 Swamp Workflow Management 2013-08-27 22:00:22 UTC 
bugbot adjusting priority
Comment 2 Sebastian Krahmer 2013-09-11 06:30:30 UTC 
New CRD is being negotiated and a new CVE:



CVE-2013-4326 rtkit: use of insecure polkit DBUS API
Comment 3 Sebastian Krahmer 2013-09-11 14:36:55 UTC 
New CRD: Sept 18th.
Comment 6 Bernhard Wiedemann 2013-09-27 22:00:10 UTC 
This is an autogenerated message for OBS integration:
This bug (836939) was mentioned in
https://build.opensuse.org/request/show/201237 12.3 / rtkit
https://build.opensuse.org/request/show/201238 12.2 / rtkit
Comment 7 Scott Reeves 2013-09-27 22:07:04 UTC 
We probably should update these in more than just factory.

submitted for 12.3 and 12.2 (as shown in comment #6).
Comment 8 Bernhard Wiedemann 2013-10-10 14:00:19 UTC 
This is an autogenerated message for OBS integration:
This bug (836939) was mentioned in
https://build.opensuse.org/request/show/202854 Evergreen:11.2:Test / rtkit
Comment 9 Swamp Workflow Management 2013-10-14 14:05:02 UTC 
openSUSE-SU-2013:1548-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 836939
CVE References: CVE-2013-4326
Sources used:
openSUSE 12.3 (src):    rtkit-0.11_git201205151338-3.4.1
openSUSE 12.2 (src):    rtkit-0.10_git201107141740-9.4.1
Comment 10 Swamp Workflow Management 2013-10-29 00:04:23 UTC 
openSUSE-SU-2013:1597-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 836939
CVE References: CVE-2013-4326
Sources used:
openSUSE 11.4 (src):    rtkit-0.5-12.1
Comment 11 Bernhard Wiedemann 2013-11-01 01:00:12 UTC 
This is an autogenerated message for OBS integration:
This bug (836939) was mentioned in
https://build.opensuse.org/request/show/205484 Evergreen:11.2 / rtkit
Comment 12 systemd maintainers 2013-11-26 10:02:43 UTC 
Also fixed