polkit-0.115 released

Miloslav Trmac mitr at redhat.com
Tue Jul 10 14:15:38 UTC 2018


Hello,
polkit-0.115 is now available at
http://www.freedesktop.org/software/polkit/releases/polkit-0.115.tar.gz
http://www.freedesktop.org/software/polkit/releases/polkit-0.115.tar.gz.sign

--------------
polkit 0.115
--------------

WARNING WARNING WARNING: This is a prerelease on the road to polkit
1.0. Public API might change and certain parts of the code still needs
some security review. Use at your own risk.

This is polkit 0.115.

Highlights:
 Fixes CVE-2018-1116, a local information disclosure and denial of service
 caused by trusting client-submitted UIDs when referencing processes.
 Thanks to Matthias Gerstner of the SUSE security team for reporting
 this issue.

Build requirements

 glib, gobject, gio    >= 2.32
 mozjs-52
 gobject-introspection >= 0.6.2 (optional)
 pam (optional)
 ConsoleKit OR systemd

Changes since polkit 0.114:

Miloslav Trmač (1):
      Fix CVE-2018-1116: Trusting client-supplied UID

Ray Strode (3):
      Post-release version bump to 0.115
      jsauthority: pass "%s" format string to remaining report function
      NEWS: fix date from 2017 to 2018 for 0.114 entry

Thanks to our contributors.

Colin Walters and Miloslav Trmač,
July 10, 2018


More information about the polkit-devel mailing list