Issued:

2014-10-13

Updated:

2014-10-13

RHBA-2014:1533 - polkit bug fix and enhancement update

Synopsis

polkit bug fix and enhancement update

Type/Severity

Bug Fix Advisory (none)

Topic

The updated polkit packages that fix several bugs and add two enhancements are now available for Red Hat Enterprise Linux 6.

Description

PolicyKit is a toolkit for defining and handling authorizations.

This update fixes the following bugs:

• Previously, running the pkaction command with invalid arguments opened the corresponding manual page instead of generating a warning, or giving any other indication of erroneous behavior. With this update, the user is informed by an error message. (BZ#628862)

• Prior to this update, in PolicyKit local authority, the order of processing configuration files within a directory depended only on file system specifics. The ordering has been made consistent to avoid surprising changes in behavior but remains unspecified and may change in future updates of Red Hat Enterprise Linux; use the documented ordering of directory names if your configuration relies on ordering of the .pkla configuration files. (BZ#864613)

• Prior to this update, if a process subject to an authorization query became a zombie before completing the authorization, the polkitd daemon could terminate unexpectedly. Handling of zombie processes has been improved to fix this crash. (BZ#1132830)

In addition, this update adds the following enhancements:

• With this update, all polkit binary files have been compiled with the RELRO option, and where applicable, with the PIE option, to increase resilience against various attacks. (BZ#927406)

• With this update, more flexibility in polkit rules is allowed. In addition to the existing “unix-user:" and “unix-group:” identity specifications, a new specification “default” can be used to specify authorization result for users that do not match either of the ”unix-user:” or “unix-group:” specifications. (BZ#812684)

Users of polkit are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

Affected Products

Updated Packages

• polkit-devel-0.96-7.el6.ppc.rpm
• polkit-docs-0.96-7.el6.s390x.rpm
• polkit-0.96-7.el6.x86_64.rpm
• polkit-devel-0.96-7.el6.s390x.rpm
• polkit-devel-0.96-7.el6.ppc64.rpm
• polkit-0.96-7.el6.src.rpm
• polkit-debuginfo-0.96-7.el6.ppc.rpm
• polkit-0.96-7.el6.ppc.rpm
• polkit-0.96-7.el6.s390x.rpm
• polkit-docs-0.96-7.el6.i686.rpm
• polkit-desktop-policy-0.96-7.el6.noarch.rpm
• polkit-0.96-7.el6.ppc64.rpm
• polkit-debuginfo-0.96-7.el6.x86_64.rpm
• polkit-docs-0.96-7.el6.x86_64.rpm
• polkit-0.96-7.el6.i686.rpm
• polkit-debuginfo-0.96-7.el6.s390x.rpm
• polkit-devel-0.96-7.el6.x86_64.rpm
• polkit-debuginfo-0.96-7.el6.i686.rpm
• polkit-docs-0.96-7.el6.ppc64.rpm
• polkit-0.96-7.el6.s390.rpm
• polkit-devel-0.96-7.el6.i686.rpm
• polkit-devel-0.96-7.el6.s390.rpm
• polkit-debuginfo-0.96-7.el6.ppc64.rpm
• polkit-debuginfo-0.96-7.el6.s390.rpm

Fixes

• This content is not included.BZ - 628862
• This content is not included.BZ - 812684
• This content is not included.BZ - 864613

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.