{"id":"MGASA-2013-0293","summary":"Updated polkit package and the packages that call polkit fixes security vulnerability","details":"A race condition was found in the way the PolicyKit pkcheck utility\nchecked process authorization when the process was specified by its\nprocess ID via the --process option. A local user could use this flaw to\nbypass intended PolicyKit authorizations and escalate their privileges\n(CVE-2013-4288).\n\nNote: Applications that invoke pkcheck with the --process option need to\nbe modified to use the pid,pid-start-time,uid argument for that option, to\nallow pkcheck to check process authorization correctly.\n\nBecause of the change in the PolicyKit API, the spice-gtk (CVE-2013-4324),\nhplip (CVE-2013-4325), rtkit (CVE-2013-4326), and systemd (CVE-2013-4327)\npackages have been updated to use a different API that is not affected by\nthis PolicyKit vulnerability.  The libvirt package will also be updated\nfor the same reason, but this update will come in a separate advisory.\n","modified":"2026-04-16T06:24:12.682952618Z","published":"2013-10-05T17:53:02Z","upstream":["CVE-2013-4288","CVE-2013-4324","CVE-2013-4325","CVE-2013-4326","CVE-2013-4327"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0293.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=11260"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2013-1270.html"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2013-1273.html"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2013-1274.html"},{"type":"WEB","url":"http://www.ubuntu.com/usn/usn-1959-1/"},{"type":"WEB","url":"http://www.ubuntu.com/usn/usn-1961-1/"}],"affected":[{"package":{"name":"polkit","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/polkit?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.104-4.2.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0293.json"}},{"package":{"name":"spice-gtk","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/spice-gtk?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9-1.2.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0293.json"}},{"package":{"name":"hplip","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/hplip?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.4-1.3.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0293.json"}},{"package":{"name":"rtkit","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/rtkit?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10-3.1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0293.json"}},{"package":{"name":"systemd","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/systemd?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"44-13.1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0293.json"}},{"package":{"name":"polkit","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/polkit?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.107-6.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0293.json"}},{"package":{"name":"spice-gtk","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/spice-gtk?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.15-3.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0293.json"}},{"package":{"name":"hplip","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/hplip?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.9-6.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0293.json"}},{"package":{"name":"rtkit","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/rtkit?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.11-3.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0293.json"}},{"package":{"name":"systemd","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/systemd?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"195-22.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0293.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}