Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2019:2046 - Security Advisory
Issued:
2019-08-06
Updated:
2019-08-06

RHSA-2019:2046 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: polkit security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for polkit is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.

Security Fix(es):

  • polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass (CVE-2018-19788)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1655925 - CVE-2018-19788 polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass

CVEs

  • CVE-2018-19788

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
polkit-0.112-22.el7.src.rpm SHA-256: 3715e7dc8c7e38d11e19735dc45d7eebc652ff6fce6a58556aae2b7e4b5d80f1
x86_64
polkit-0.112-22.el7.i686.rpm SHA-256: b6ed3dec72a6994807f7636c94a72c591b5d4effda27393b99eb6b3f02b9e4e0
polkit-0.112-22.el7.x86_64.rpm SHA-256: 68fc010363db5aa4a47a92e854f73f36b7f6dc09fc46c448ec9e7041e3b119d0
polkit-debuginfo-0.112-22.el7.i686.rpm SHA-256: 1a6ae0c140b206253477e26abc0b10216038eb0d8da2b377af6ee7d135732583
polkit-debuginfo-0.112-22.el7.x86_64.rpm SHA-256: aeef4f215dbb532542d7a6779ee90dabcdb2c6094fa0f0b4eb8e92bd7c342471
polkit-devel-0.112-22.el7.i686.rpm SHA-256: cb47ce4a57c4ee86325561d5c740e57abcee948b3490965ee5034ce47fdb38f2
polkit-devel-0.112-22.el7.x86_64.rpm SHA-256: 9a41e4a7095d945ee5fefa82b34ac8541417cfba090648841b561140d4946726
polkit-docs-0.112-22.el7.noarch.rpm SHA-256: 2b38a67f43abb4ee4a1ac7405880815885c5fc0dde58a523a792c6c508f40cf6

Red Hat Enterprise Linux Workstation 7

SRPM
polkit-0.112-22.el7.src.rpm SHA-256: 3715e7dc8c7e38d11e19735dc45d7eebc652ff6fce6a58556aae2b7e4b5d80f1
x86_64
polkit-0.112-22.el7.i686.rpm SHA-256: b6ed3dec72a6994807f7636c94a72c591b5d4effda27393b99eb6b3f02b9e4e0
polkit-0.112-22.el7.x86_64.rpm SHA-256: 68fc010363db5aa4a47a92e854f73f36b7f6dc09fc46c448ec9e7041e3b119d0
polkit-debuginfo-0.112-22.el7.i686.rpm SHA-256: 1a6ae0c140b206253477e26abc0b10216038eb0d8da2b377af6ee7d135732583
polkit-debuginfo-0.112-22.el7.x86_64.rpm SHA-256: aeef4f215dbb532542d7a6779ee90dabcdb2c6094fa0f0b4eb8e92bd7c342471
polkit-devel-0.112-22.el7.i686.rpm SHA-256: cb47ce4a57c4ee86325561d5c740e57abcee948b3490965ee5034ce47fdb38f2
polkit-devel-0.112-22.el7.x86_64.rpm SHA-256: 9a41e4a7095d945ee5fefa82b34ac8541417cfba090648841b561140d4946726
polkit-docs-0.112-22.el7.noarch.rpm SHA-256: 2b38a67f43abb4ee4a1ac7405880815885c5fc0dde58a523a792c6c508f40cf6

Red Hat Enterprise Linux Desktop 7

SRPM
polkit-0.112-22.el7.src.rpm SHA-256: 3715e7dc8c7e38d11e19735dc45d7eebc652ff6fce6a58556aae2b7e4b5d80f1
x86_64
polkit-0.112-22.el7.i686.rpm SHA-256: b6ed3dec72a6994807f7636c94a72c591b5d4effda27393b99eb6b3f02b9e4e0
polkit-0.112-22.el7.x86_64.rpm SHA-256: 68fc010363db5aa4a47a92e854f73f36b7f6dc09fc46c448ec9e7041e3b119d0
polkit-debuginfo-0.112-22.el7.i686.rpm SHA-256: 1a6ae0c140b206253477e26abc0b10216038eb0d8da2b377af6ee7d135732583
polkit-debuginfo-0.112-22.el7.i686.rpm SHA-256: 1a6ae0c140b206253477e26abc0b10216038eb0d8da2b377af6ee7d135732583
polkit-debuginfo-0.112-22.el7.x86_64.rpm SHA-256: aeef4f215dbb532542d7a6779ee90dabcdb2c6094fa0f0b4eb8e92bd7c342471
polkit-debuginfo-0.112-22.el7.x86_64.rpm SHA-256: aeef4f215dbb532542d7a6779ee90dabcdb2c6094fa0f0b4eb8e92bd7c342471
polkit-devel-0.112-22.el7.i686.rpm SHA-256: cb47ce4a57c4ee86325561d5c740e57abcee948b3490965ee5034ce47fdb38f2
polkit-devel-0.112-22.el7.x86_64.rpm SHA-256: 9a41e4a7095d945ee5fefa82b34ac8541417cfba090648841b561140d4946726
polkit-docs-0.112-22.el7.noarch.rpm SHA-256: 2b38a67f43abb4ee4a1ac7405880815885c5fc0dde58a523a792c6c508f40cf6

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
polkit-0.112-22.el7.src.rpm SHA-256: 3715e7dc8c7e38d11e19735dc45d7eebc652ff6fce6a58556aae2b7e4b5d80f1
s390x
polkit-0.112-22.el7.s390.rpm SHA-256: c600132df5fd38a608e166cae28c44a21e5a5de49e180d7757841986b213fec0
polkit-0.112-22.el7.s390x.rpm SHA-256: 6dc748fcdc7f323d4da79b724d4b27104f92256b0d5ffedd75ba8d73cd5c90ae
polkit-debuginfo-0.112-22.el7.s390.rpm SHA-256: d60275096ad45e4166c4f21d856fbcc9277862103561e47b1ca2d337f664fd4a
polkit-debuginfo-0.112-22.el7.s390x.rpm SHA-256: 55ab041c6b7401bedbdab840f6f5ba5adbc514cb5362872dc981e970898368c5
polkit-devel-0.112-22.el7.s390.rpm SHA-256: c3f4f75a1227cb883a09b068373f4cac5883399f11410411a2507bf52fc04949
polkit-devel-0.112-22.el7.s390x.rpm SHA-256: 3484ee77058b6aac3b8e8f1e8c2be89ab74fd6aba0e94232639cfa866bddbbaf
polkit-docs-0.112-22.el7.noarch.rpm SHA-256: 2b38a67f43abb4ee4a1ac7405880815885c5fc0dde58a523a792c6c508f40cf6

Red Hat Enterprise Linux for Power, big endian 7

SRPM
polkit-0.112-22.el7.src.rpm SHA-256: 3715e7dc8c7e38d11e19735dc45d7eebc652ff6fce6a58556aae2b7e4b5d80f1
ppc64
polkit-0.112-22.el7.ppc.rpm SHA-256: 4931d9e458619795524ef4c3425557c28ceab849a9379790772b84d402a3061b
polkit-0.112-22.el7.ppc64.rpm SHA-256: 62d08daed2e70380595328c9122ee3afcbe22b0a6deb62c5b57fb743b9740661
polkit-debuginfo-0.112-22.el7.ppc.rpm SHA-256: 98d436f5716160f77893f4f3be05d5ae4019b754ed22b3895d211b573a2e0be2
polkit-debuginfo-0.112-22.el7.ppc64.rpm SHA-256: b07c65c549c280434322444de877e57adac5a08aa575df9095615bd550b754ca
polkit-devel-0.112-22.el7.ppc.rpm SHA-256: 8e0354451d2ec67b76d23558caa86d3db114e73ef0ad55605cb044a93eafa20d
polkit-devel-0.112-22.el7.ppc64.rpm SHA-256: 24a96bda58c27cbc5ac76d7a3013e0cbb574fbcf15cadc87931016ae44f07823
polkit-docs-0.112-22.el7.noarch.rpm SHA-256: 2b38a67f43abb4ee4a1ac7405880815885c5fc0dde58a523a792c6c508f40cf6

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
polkit-0.112-22.el7.src.rpm SHA-256: 3715e7dc8c7e38d11e19735dc45d7eebc652ff6fce6a58556aae2b7e4b5d80f1
x86_64
polkit-0.112-22.el7.i686.rpm SHA-256: b6ed3dec72a6994807f7636c94a72c591b5d4effda27393b99eb6b3f02b9e4e0
polkit-0.112-22.el7.x86_64.rpm SHA-256: 68fc010363db5aa4a47a92e854f73f36b7f6dc09fc46c448ec9e7041e3b119d0
polkit-debuginfo-0.112-22.el7.i686.rpm SHA-256: 1a6ae0c140b206253477e26abc0b10216038eb0d8da2b377af6ee7d135732583
polkit-debuginfo-0.112-22.el7.i686.rpm SHA-256: 1a6ae0c140b206253477e26abc0b10216038eb0d8da2b377af6ee7d135732583
polkit-debuginfo-0.112-22.el7.x86_64.rpm SHA-256: aeef4f215dbb532542d7a6779ee90dabcdb2c6094fa0f0b4eb8e92bd7c342471
polkit-debuginfo-0.112-22.el7.x86_64.rpm SHA-256: aeef4f215dbb532542d7a6779ee90dabcdb2c6094fa0f0b4eb8e92bd7c342471
polkit-devel-0.112-22.el7.i686.rpm SHA-256: cb47ce4a57c4ee86325561d5c740e57abcee948b3490965ee5034ce47fdb38f2
polkit-devel-0.112-22.el7.x86_64.rpm SHA-256: 9a41e4a7095d945ee5fefa82b34ac8541417cfba090648841b561140d4946726
polkit-docs-0.112-22.el7.noarch.rpm SHA-256: 2b38a67f43abb4ee4a1ac7405880815885c5fc0dde58a523a792c6c508f40cf6

Red Hat Enterprise Linux for Power, little endian 7

SRPM
polkit-0.112-22.el7.src.rpm SHA-256: 3715e7dc8c7e38d11e19735dc45d7eebc652ff6fce6a58556aae2b7e4b5d80f1
ppc64le
polkit-0.112-22.el7.ppc64le.rpm SHA-256: bce7593022aba0fc4827774c0e715c3b20403f335cfde30c437482e525711b51
polkit-debuginfo-0.112-22.el7.ppc64le.rpm SHA-256: b20133d4c08929f0f954a3726dd062e489b3b710d772fa5c11fd392719971251
polkit-devel-0.112-22.el7.ppc64le.rpm SHA-256: 8514bf056c74d753184df14ceb49d16420848015a6a5a38ac3f11ec527181f27
polkit-docs-0.112-22.el7.noarch.rpm SHA-256: 2b38a67f43abb4ee4a1ac7405880815885c5fc0dde58a523a792c6c508f40cf6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter