polkit: fix CVE-2025-7519 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Praveen Kumar <praveen.kumar@windriver.com>	2025-09-26 12:41:06 +0530
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 13:17:10 +0200
commit	033f224986c46c111fd3cff4ce4a25b1875b39c3 (patch)
tree	a13d02a5e66c779b4d17ec5b80f17277030a63b1 /meta-python/recipes-devtools/python/python3-dateparser_1.1.0.bb
parent	8846a5a318b6f3d4db90b3aac12c6c3ca9370c61 (diff)
download	meta-openembedded-033f224986c46c111fd3cff4ce4a25b1875b39c3.tar.gz

polkit: fix CVE-2025-7519

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-7519 Upstream-patch: https://github.com/polkit-org/polkit/commit/107d3801361b9f9084f78710178e683391f1d245 Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-dateparser_1.1.0.bb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: