Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2020-1193)

The remote host is missing an update for the Huawei EulerOS 'polkit' package(s) announced via the EulerOS-SA-2020-1193 advisory.

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.(CVE-2015-3255) A NULL-pointer dereference flaw was discovered in polkitd. A malicious, local user could exploit this flaw to crash polkitd.(CVE-2015-3218) A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.(CVE-2018-19788) It was found that Polkit's CheckAuthorization and RegisterAuthenticationAgent D-Bus calls did not validate the client provided UID. A specially crafted program could use this flaw to submit arbitrary UIDs, triggering various denial of service or minor disclosures, such as which authentication is cached in the victim's session.(CVE-2018-1116) Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.(CVE-2015-4625)

'polkit' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).