Following issue was reported in https://bugs.freedesktop.org/show_bug.cgi?id=90837 : """ The "cookie" value that Polkit hands out is global to all polkit users. And when `AuthenticationAgentResponse` is invoked, we previously only received the cookie and target identity, and attempted to find an agent from that. The problem is that the current cookie is just an integer counter, and if it overflowed, it would be possible for an successful authorization in one session to trigger a response in another session. """ Upstream fixes: http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766 http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228 This CVE also covers the issue reported in https://bugs.freedesktop.org/show_bug.cgi?id=90832 , see http://openwall.com/lists/oss-security/2015/06/16/21
Created polkit tracking bugs for this issue: Affects: fedora-all [bug 1233810]
polkit-0.113-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
polkit-0.113-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.