[Secure-testing-team] Bug#816062: policykit-1: CVE-2016-2568: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 27 05:28:27 UTC 2016
Source: policykit-1
Version: 0.105-14.1
Severity: important
Tags: security upstream
Hi Martin, hi Michael,
the following vulnerability was published for policykit-1, and opening
this bug report to track the issue as well in the BTS.
CVE-2016-2568[0]:
|Program run via pkexec as unprivileged user can escape to parent
|session via TIOCSTI ioctl
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-2568
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1300746
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1299955
Please adjust the affected versions in the BTS as needed. I have only
checked unstable.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list