← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

PublicDateAtUSN: 2013-09-18
Candidate: CVE-2013-1066
PublicDate: 2013-10-03
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1066
 http://www.ubuntu.com/usn/usn-1958-1
Description:
 language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x
 before 0.79.4 does not properly use D-Bus for communication with a polkit
 authority, which allows local users to bypass intended access restrictions
 by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1)
 setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 

Patches_language-selector:
upstream_language-selector: needs-triage
lucid_language-selector: not-affected (code not present)
precise_language-selector: released (0.79.4)
quantal_language-selector: released (0.90.1)
raring_language-selector: released (0.110.1)
devel_language-selector: released (0.115)