Launchpad CVE tracker

CVE 2013-4327

systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Related bugs and status

CVE-2013-4327 (Candidate) is related to these bugs:

Bug #1227520: Timezone changes are not working due to ro /etc and bind mounts

		In	Importance	Status
1227520	Timezone changes are not working due to ro /etc and bind mounts	ubuntu-system-settings (Ubuntu)	High	Invalid
1227520	Timezone changes are not working due to ro /etc and bind mounts	systemd (Ubuntu)	High	Fix Released
1227520	Timezone changes are not working due to ro /etc and bind mounts	livecd-rootfs (Ubuntu)	Undecided	Fix Released
1227520	Timezone changes are not working due to ro /etc and bind mounts	lxc-android-config (Ubuntu)	Undecided	Fix Released
1227520	Timezone changes are not working due to ro /etc and bind mounts	initramfs-tools-ubuntu-touch (Ubuntu)	Undecided	Fix Released
1227520	Timezone changes are not working due to ro /etc and bind mounts	android (Ubuntu)	Undecided	Fix Released
1227520	Timezone changes are not working due to ro /etc and bind mounts	apparmor (Ubuntu)	High	Fix Released

Bug #1229936: [keymap] Samsung Ativ 9 Plus backlight keys are not working

Summary				In	Importance	Status
	1229936	[keymap] Samsung Ativ 9 Plus backlight keys are not working		systemd (Ubuntu)	Undecided	Fix Released

Bug #1231230: [udev] Rescue on server image fails to detect partitions

Summary				In	Importance	Status
	1231230	[udev] Rescue on server image fails to detect partitions		systemd (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-4327

References