polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation

polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation A race condition in polkit could allow a local attacker to gain escalated privileges. polkit spice-gtk systemd hplip libvirt 2014-06-26 2014-06-26 484486 484488 485420 485546 485904 local 3.14.1 3.14.1 0.21 0.21 204-r1 204-r1 1.1.2-r3 1.1.2-r3 0.112 0.112

polkit is a toolkit for managing policies relating to unprivileged processes communicating with privileged processes.

polkit has a race condition which potentially allows a process to change its UID/EUID via suid or pkexec before authentication is completed.

A local attacker could start a suid or pkexec process through a polkit-enabled application, which could result in privilege escalation or bypass of polkit restrictions.

There is no known workaround at this time.

All polkit users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.112"

All HPLIP users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=net-print/hplip-3.14.1"

All Spice-Gtk users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=net-misc/spice-gtk-0.21"

All systemd users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=sys-apps/systemd-204-r1"

All libvirt users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-1.1.2-r3"

CVE-2013-4288 CVE-2013-4311 CVE-2013-4324 CVE-2013-4325 CVE-2013-4327 ackle creffett