安全公告详情

NS-SA-2019-0207

2019-10-14 19:29:28

简介

moderate: polkit/libwpd security update

严重级别

moderate

主题

An update for polkit/libwpd is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

polkit: polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes.
libwpd: libwpd is a library for import of WordPerfect documents.


Security Fix(es):
polkit: A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.(CVE-2018-19788)
polkit: bugfix
libwpd: In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.(CVE-2018-19208)
libwpd: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F18.

影响组件

  • polkit
  • libwpd

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["polkit-0.112-22.el7.x86_64.rpm","polkit-debuginfo-0.112-22.el7.x86_64.rpm","polkit-devel-0.112-22.el7.x86_64.rpm","polkit-docs-0.112-22.el7.noarch.rpm"],"source":"polkit-0.112-22.el7.src.rpm"},{"binary":["libwpd-0.10.0-2.el7.x86_64.rpm","libwpd-debuginfo-0.10.0-2.el7.x86_64.rpm","libwpd-devel-0.10.0-2.el7.x86_64.rpm","libwpd-doc-0.10.0-2.el7.noarch.rpm","libwpd-tools-0.10.0-2.el7.x86_64.rpm"],"source":"libwpd-0.10.0-2.el7.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["polkit-0.112-22.el7.x86_64.rpm","polkit-debuginfo-0.112-22.el7.x86_64.rpm","polkit-devel-0.112-22.el7.x86_64.rpm","polkit-docs-0.112-22.el7.noarch.rpm"],"source":"polkit-0.112-22.el7.src.rpm"},{"binary":["libwpd-0.10.0-2.el7.x86_64.rpm","libwpd-debuginfo-0.10.0-2.el7.x86_64.rpm","libwpd-devel-0.10.0-2.el7.x86_64.rpm","libwpd-doc-0.10.0-2.el7.noarch.rpm","libwpd-tools-0.10.0-2.el7.x86_64.rpm"],"source":"libwpd-0.10.0-2.el7.src.rpm"}]}]}

CVE

参考