[ALAS2-2019-1171] Amazon Linux 2 2017.12 - ALAS2-2019-1171: important priority package update for polkit
Severity
Important
Affected Packages
10
CVEs
1
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2019-6133:
A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges.
1664212:
CVE-2019-6133 polkit: Temporary auth hijacking via PID reuse and non-atomic fork
Package | Affected Version |
---|---|
pkg:rpm/amazonlinux/polkit?arch=x86_64&distro=amazonlinux-2 | < 0.112-18.amzn2.1 |
pkg:rpm/amazonlinux/polkit?arch=i686&distro=amazonlinux-2 | < 0.112-18.amzn2.1 |
pkg:rpm/amazonlinux/polkit?arch=aarch64&distro=amazonlinux-2 | < 0.112-18.amzn2.1 |
pkg:rpm/amazonlinux/polkit-docs?arch=noarch&distro=amazonlinux-2 | < 0.112-18.amzn2.1 |
pkg:rpm/amazonlinux/polkit-devel?arch=x86_64&distro=amazonlinux-2 | < 0.112-18.amzn2.1 |
pkg:rpm/amazonlinux/polkit-devel?arch=i686&distro=amazonlinux-2 | < 0.112-18.amzn2.1 |
pkg:rpm/amazonlinux/polkit-devel?arch=aarch64&distro=amazonlinux-2 | < 0.112-18.amzn2.1 |
pkg:rpm/amazonlinux/polkit-debuginfo?arch=x86_64&distro=amazonlinux-2 | < 0.112-18.amzn2.1 |
pkg:rpm/amazonlinux/polkit-debuginfo?arch=i686&distro=amazonlinux-2 | < 0.112-18.amzn2.1 |
pkg:rpm/amazonlinux/polkit-debuginfo?arch=aarch64&distro=amazonlinux-2 | < 0.112-18.amzn2.1 |
- ID
- ALAS2-2019-1171
- Severity
- important
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2019-1171.html
- Published
-
2019-03-07T05:58:00
(5 years ago) - Modified
-
2019-03-08T00:44:00
(5 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALPINE:CVE-2019-6133
- ELSA-2019-0230
- ELSA-2019-0420
- ELSA-2019-4708
- ELSA-2019-4710
- openSUSE-SU-2019:1914-1
- RHSA-2019:0230
- RHSA-2019:0420
- SUSE-SU-2019:2018-1
- SUSE-SU-2019:2035-1
- SUSE-SU-2019:2035-2
- SUSE-SU-2020:3503-1
- SUSE-SU-2021:0437-1
- USN-3901-1
- USN-3901-2
- USN-3903-1
- USN-3903-2
- USN-3908-1
- USN-3908-2
- USN-3910-1
- USN-3910-2
- USN-3934-1
- USN-3934-2
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2019-6133 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6133 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/polkit?arch=x86_64&distro=amazonlinux-2 | amazonlinux | polkit | < 0.112-18.amzn2.1 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/polkit?arch=i686&distro=amazonlinux-2 | amazonlinux | polkit | < 0.112-18.amzn2.1 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/polkit?arch=aarch64&distro=amazonlinux-2 | amazonlinux | polkit | < 0.112-18.amzn2.1 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/polkit-docs?arch=noarch&distro=amazonlinux-2 | amazonlinux | polkit-docs | < 0.112-18.amzn2.1 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/polkit-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | polkit-devel | < 0.112-18.amzn2.1 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/polkit-devel?arch=i686&distro=amazonlinux-2 | amazonlinux | polkit-devel | < 0.112-18.amzn2.1 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/polkit-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | polkit-devel | < 0.112-18.amzn2.1 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/polkit-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | polkit-debuginfo | < 0.112-18.amzn2.1 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/polkit-debuginfo?arch=i686&distro=amazonlinux-2 | amazonlinux | polkit-debuginfo | < 0.112-18.amzn2.1 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/polkit-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | polkit-debuginfo | < 0.112-18.amzn2.1 | amazonlinux-2 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |