ID de Prueba:	1.3.6.1.4.1.25623.1.0.850996
Categoría:	SuSE Local Security Checks
Título:	openSUSE: Security Advisory for polkit (openSUSE-SU-2015:1734-1)
Resumen:	The remote host is missing an update for the 'polkit'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'polkit' package(s) announced via the referenced advisory. Vulnerability Insight: Polkit was updated to 0.113 to fix four security issues. The following vulnerabilities were fixed: * CVE-2015-4625: a local privilege escalation due to predictable authentication session cookie values. (boo#935119) * CVE-2015-3256: various memory corruption vulnerabilities in use of the JavaScript interpreter, possibly leading to local privilege escalation. (boo#943816) * CVE-2015-3255: a memory corruption vulnerability in handling duplicate action IDs, possibly leading to local privilege escalation. (boo#939246) * CVE-2015-3218: Allowed any local user to crash polkitd. (boo#933922) Affected Software/OS: polkit on openSUSE 13.2, openSUSE 13.1 Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3218 BugTraq ID: 76086 http://www.securityfocus.com/bid/76086 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html http://www.securitytracker.com/id/1035023 SuSE Security Announcement: openSUSE-SU-2015:1734 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html SuSE Security Announcement: openSUSE-SU-2015:1927 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html https://usn.ubuntu.com/3717-1/ Common Vulnerability Exposure (CVE) ID: CVE-2015-3255 https://security.gentoo.org/glsa/201611-07 https://usn.ubuntu.com/3717-2/ Common Vulnerability Exposure (CVE) ID: CVE-2015-3256 BugTraq ID: 77356 http://www.securityfocus.com/bid/77356 RedHat Security Advisories: RHSA-2016:0189 http://rhn.redhat.com/errata/RHSA-2016-0189.html Common Vulnerability Exposure (CVE) ID: CVE-2015-4625 BugTraq ID: 75267 http://www.securityfocus.com/bid/75267 http://www.openwall.com/lists/oss-security/2015/06/08/3 http://www.openwall.com/lists/oss-security/2015/06/09/1 http://www.openwall.com/lists/oss-security/2015/06/16/21 http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.