On Fri, 2017-03-03 at 13:26 +0000, Johnny Hughes wrote:
CentOS Errata and Bugfix Advisory 2017:0392
Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-0392.html
33395736c057583471a3e8d3554adb014d0d4cd167aa03bad5099c02faad1d38 polkit-0.112-11.el7_3.src.rpm
Note that this update fixes neither the memory leak in the options parsing of the setuid binary pkexec, nor does it fix the memory leaks in pkcheck.
https://googleprojectzero.blogspot.nl/2014/08/the-poisoned-nul-byte-2014-edi...
https://bugs.freedesktop.org/show_bug.cgi?id=99626
https://bugzilla.redhat.com/show_bug.cgi?id=1418278
https://bugzilla.redhat.com/show_bug.cgi?id=1418287
https://bugzilla.redhat.com/show_bug.cgi?id=1418824
https://bugzilla.redhat.com/show_bug.cgi?id=1418825
Attached is a fix for these.
Regards, Leonard.