VDB

GCVE-110-MAGEIA-2013-293

GCVE-110-MAGEIA-2013-293
Advisory Published
Vulnetix · Advisory published October 5, 2013
A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges (CVE-2013-4288). Note: Applications that invoke pkcheck with the --process option need to be modified to use the pid,pid-start-time,uid argument for that option, to allow pkcheck to check process authorization correctly. Because of the change in the PolicyKit API, the spice-gtk (CVE-2013-4324), hplip (CVE-2013-4325), rtkit (CVE-2013-4326), and systemd (CVE-2013-4327) packages have been updated to use a different API that is not affected by this PolicyKit vulnerability. The libvirt package will also be updated for the same reason, but this update will come in a separate advisory.

Affected Products

VendorProductVersionsPlatforms
Mageiasystemd0 (affected), 195-22.1.mga3 (unaffected)
Mageiaspice-gtk0.15-3.1.mga3 (unaffected), 0 (affected)
Mageiahplip0 (affected), 3.12.4-1.3.mga2 (unaffected)
Mageiartkit0 (affected), 0.10-3.1.mga2 (unaffected)
Mageiasystemd44-13.1.mga2 (unaffected), 0 (affected)
Mageiahplip0 (affected), 3.12.9-6.1.mga3 (unaffected)
Mageiapolkit0 (affected), 0.107-6.1.mga3 (unaffected)
Mageiartkit0 (affected), 0.11-3.1.mga3 (unaffected)
Mageiapolkit0 (affected), 0.104-4.2.mga2 (unaffected)
Mageiaspice-gtk0 (affected), 0.9-1.2.mga2 (unaffected)

Browse GCVE Records

72,580 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›