[SECURITY] [DLA 1644-1] policykit-1 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : policykit-1
Version : 0.105-15~deb8u4
CVE ID : CVE-2018-19788 CVE-2019-6133
Two vulnerabilities were found in Policykit, a framework for managing
administrative policies and privileges:
CVE-2018-19788
It was discovered that incorrect processing of very high UIDs in
Policykit could result in authentication bypass.
CVE-2019-6133
Jann Horn of Google found that Policykit doesn't properly check
if a process is already authenticated, which can lead to an
authentication reuse by a different user.
For Debian 8 "Jessie", these problems have been fixed in version
0.105-15~deb8u4.
We recommend that you upgrade your policykit-1 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlxO/fwACgkQnUbEiOQ2
gwJcUg//fmu03pDkHkhW6dXIDiMsdBhP/17aVNQqgo+SRUKeHVE4WG1V4pP34cs6
gYyk38oS6NOIEZ2gs0uOeXmvupuFnf56bhIX4ZN2ndRoLep1pC2e3nHbmrG1Ivrd
v16EkxCqerOjSizPlo03MzzgJg3e0745o1StObNEdbk2PHJ8rahc7D9ZaaGO/2Zq
apoP0byB6unsnTTW6UVke4ou1c/OY1B7E7ZGtbdPEcZyheM89m5Hu2GODb7xqwIx
GRSFa7s56ulKLfiDaFW5P0+PSg0RGqZm8W/kxOK+Ku4Q6LF352K7rOSWBHF+z0pz
JUDmZbcZ570VmyfFy7pwRkO2RSr78WI4BIfIlBEMvw0fPzgRbVPegcbF9aJVJU+r
PjRK05P3fLC6odl7aAupSv4M/SN/K+nxw0rUr95JHa/XQTfx7djHDhh7WodpI1bt
fNCyr1Lew7A3351GJU5Y4vcrs/GGyHSS6yL/+x+kD4jKFGYw7vCYFEWL+m1pHg3Y
jcTyvRopkuffZ7wv7nWPbyaf3uOYr1qb9DFqS+HkmV2qMIxdkO5wbE9+jvie6Gsu
q8neH1Q5gGpRDq3C6nkWHlDnIAuS7tQEnnBpRhu0lPaYSO5CECH6d/NaFQw0Dyal
abwI1rSiOeDOWReoSF62Fy+hIIY4GV1pinaV+hSHjyj/Wydw4/I=
=APCW
-----END PGP SIGNATURE-----
Reply to: