[Pkg-utopia-maintainers] Bug#1132234: Processed: reassign 1132234 to src:policykit-1
Michael Biebl
biebl at debian.org
Sun Mar 29 20:27:19 BST 2026
Am 29.03.26 um 20:46 schrieb Salvatore Bonaccorso:
> Hi,
>
> On Sun, Mar 29, 2026 at 06:28:57PM +0200, Michael Biebl wrote:
>> Hi Salvatore,
>>
>> if I read https://bugzilla.redhat.com/show_bug.cgi?id=2451739 correctly,
>> only versions newer than 0.113 are affected.
>> Could you update the info in the security tracker accordingly?
>>
>> And for unstable/testing: there we use systemd socket activation (for
>> systemd users), so those users should not be affected, right?
>
> But still versions are affected, because the commit
> https://github.com/polkit-org/polkit/commit/ea544ffc18405237ccd95d28d7f45afef49aca17
> which introduces the codepath as far I can see is the fix for
> CVE-2015-4625, or let's say part of it, which we have picked up as
> well. But I will make clear the relation to the above commit and the
> fix for CVE-2015-4625.
Ah, you are right. This change was applied in 0.105-12.
> The CVE is still bit confusing, and with reaching out to you with a
> bug report was in hope we can properly assess it. I think to
> understand it does not need a DSA, but it is still not clear to me
> when the issue can be triggered, in particular given it is still
> setuid in trixie. Sourcewise it is still as well present in unstable,
> bu we have no easy way to mark soemthing "unimportant" just for
> unstable and not for the older suites.
>
> For unstable/trixie i right now do not see an urgency either (given we
> do not ship it anymore setuid and as you say we have systemd socket
> activation), but mark it fixed once the source-wise fix is applied.
>
> But we still need to properly assess the issue. I was neither able to
> directly trigger the problem on a trixie host. Again, that said need
> to look closer yet.
I needed to increase 200000000 to trigger anything and this lead to the
python process being OOM killed.
See attached journal
-------------- next part --------------
Mär 29 21:22:17 debian polkit-agent-helper-1[819]: pam_unix(polkit-1:auth): auth could not identify password for [michael]
Mär 29 21:22:17 debian polkit-agent-helper-1[819]: pam_unix(polkit-1:auth): conversation failed
Mär 29 21:22:15 debian systemd[1]: session-3.scope: A process of this unit has been killed by the OOM killer.
Mär 29 21:22:15 debian kernel: Out of memory: Killed process 818 (python3) total-vm:993056kB, anon-rss:191884kB, file-rss:4kB, shmem-rss:0kB, UID:1000 pgtables:1976kB oom_score_adj:0
Mär 29 21:22:15 debian kernel: oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/user.slice/user-1000.slice/session-3.scope,task=python3,pid=818,uid=1000
Mär 29 21:22:15 debian kernel: [ 819] 1000 819 134244 48106 843776 47327 0 polkit-agent-he
Mär 29 21:22:15 debian kernel: [ 818] 1000 818 248264 47972 2023424 196829 0 python3
Mär 29 21:22:15 debian kernel: [ 814] 0 814 2944 39 65536 507 0 top
Mär 29 21:22:15 debian kernel: [ 808] 1000 808 1995 1 61440 355 0 bash
Mär 29 21:22:15 debian kernel: [ 802] 1000 802 42247 10 94208 793 100 (sd-pam)
Mär 29 21:22:15 debian kernel: [ 801] 1000 801 4729 4 81920 410 100 systemd
Mär 29 21:22:15 debian kernel: [ 554] 0 554 1533 1 49152 125 0 login
Mär 29 21:22:15 debian kernel: [ 546] 0 546 2001 1 53248 330 0 bash
Mär 29 21:22:15 debian kernel: [ 540] 0 540 42163 9 94208 731 100 (sd-pam)
Mär 29 21:22:15 debian kernel: [ 539] 0 539 4722 25 77824 394 100 systemd
Mär 29 21:22:15 debian kernel: [ 522] 0 522 1533 10 53248 120 0 login
Mär 29 21:22:15 debian kernel: [ 519] 0 519 4308 42 69632 248 0 systemd-logind
Mär 29 21:22:15 debian kernel: [ 518] 0 518 20062 13 61440 57 0 qemu-ga
Mär 29 21:22:15 debian kernel: [ 516] 100 516 2342 38 61440 164 -900 dbus-daemon
Mär 29 21:22:15 debian kernel: [ 515] 0 515 1654 2 57344 60 0 cron
Mär 29 21:22:15 debian kernel: [ 337] 0 337 1469 12 49152 197 0 dhclient
Mär 29 21:22:15 debian kernel: [ 318] 997 318 22526 6 77824 230 0 systemd-timesyn
Mär 29 21:22:15 debian kernel: [ 260] 0 260 6859 0 77824 528 -1000 systemd-udevd
Mär 29 21:22:15 debian kernel: [ 231] 0 231 10309 30 90112 242 -250 systemd-journal
Mär 29 21:22:15 debian kernel: [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name
Mär 29 21:22:15 debian kernel: Tasks state (memory values in pages):
Mär 29 21:22:15 debian kernel: 0 pages hwpoisoned
Mär 29 21:22:15 debian kernel: 13898 pages reserved
Mär 29 21:22:15 debian kernel: 0 pages HighMem/MovableOnly
Mär 29 21:22:15 debian kernel: 130938 pages RAM
Mär 29 21:22:15 debian kernel: Total swap = 998396kB
Mär 29 21:22:15 debian kernel: Free swap = 0kB
Mär 29 21:22:15 debian kernel: 820 pages in swap cache
Mär 29 21:22:15 debian kernel: 1903 total pagecache pages
Mär 29 21:22:15 debian kernel: Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Mär 29 21:22:15 debian kernel: Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Mär 29 21:22:15 debian kernel: Node 0 DMA32: 144*4kB (UME) 115*8kB (UME) 39*16kB (UME) 18*32kB (UME) 2*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2824kB
Mär 29 21:22:15 debian kernel: Node 0 DMA: 5*4kB (U) 7*8kB (UE) 2*16kB (U) 6*32kB (UME) 2*64kB (ME) 2*128kB (UE) 2*256kB (UE) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 1708kB
Mär 29 21:22:15 debian kernel: lowmem_reserve[]: 0 0 0 0 0
Mär 29 21:22:15 debian kernel: Node 0 DMA32 free:2512kB boost:0kB min:2524kB low:3152kB high:3780kB reserved_highatomic:0KB active_anon:183256kB inactive_anon:192436kB active_file:12kB inactive_file:248kB unevictable:4000kB writepending:0kB present:507760kB managed:452800kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
Mär 29 21:22:15 debian kernel: lowmem_reserve[]: 0 404 404 404 404
Mär 29 21:22:15 debian kernel: Node 0 DMA free:1708kB boost:0kB min:92kB low:112kB high:132kB reserved_highatomic:0KB active_anon:10240kB inactive_anon:3200kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
Mär 29 21:22:15 debian kernel: Node 0 active_anon:193340kB inactive_anon:195676kB active_file:100kB inactive_file:96kB unevictable:4000kB isolated(anon):0kB isolated(file):0kB mapped:40kB dirty:0kB writeback:0kB shmem:4108kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:1856kB pagetables:3860kB sec_pagetables:0kB all_unreclaimable? yes
Mär 29 21:22:15 debian kernel: active_anon:48335 inactive_anon:48919 isolated_anon:0
active_file:25 inactive_file:24 isolated_file:0
unevictable:1000 dirty:0 writeback:0
slab_reclaimable:4502 slab_unreclaimable:5456
mapped:10 shmem:1027 pagetables:965
sec_pagetables:0 bounce:0
kernel_misc_reclaimable:0
free:1055 free_pcp:0 free_cma:0
Mär 29 21:22:15 debian kernel: Mem-Info:
Mär 29 21:22:15 debian kernel: </TASK>
Mär 29 21:22:15 debian kernel: R13: 0000000000000000 R14: 0000000017440000 R15: 0000000000001000
Mär 29 21:22:15 debian kernel: R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffd30f14b38
Mär 29 21:22:15 debian kernel: RBP: 0000000017440000 R08: 000056474c6203a0 R09: 0000000000000000
Mär 29 21:22:15 debian kernel: RDX: 0000000000001000 RSI: 000000000000000a RDI: 000056474c6203a0
Mär 29 21:22:15 debian kernel: RAX: 0000000000000041 RBX: 00007f7b41844a80 RCX: 00007f7b4176929d
Mär 29 21:22:15 debian kernel: RSP: 002b:00007ffd30f14ac8 EFLAGS: 00010206
Mär 29 21:22:15 debian kernel: Code: Unable to access opcode bytes at 0x7f7b417d4596.
Mär 29 21:22:15 debian kernel: RIP: 0033:0x7f7b417d45c0
Mär 29 21:22:15 debian kernel: asm_exc_page_fault+0x22/0x30
Mär 29 21:22:15 debian kernel: exc_page_fault+0x70/0x170
Mär 29 21:22:15 debian kernel: do_user_addr_fault+0x191/0x550
Mär 29 21:22:15 debian kernel: handle_mm_fault+0xdb/0x2d0
Mär 29 21:22:15 debian kernel: __handle_mm_fault+0x660/0xfa0
Mär 29 21:22:15 debian kernel: do_fault+0x1b9/0x410
Mär 29 21:22:15 debian kernel: __do_fault+0x30/0x110
Mär 29 21:22:15 debian kernel: ? filemap_map_pages+0x153/0x720
Mär 29 21:22:15 debian kernel: filemap_fault+0x139/0x910
Mär 29 21:22:15 debian kernel: __filemap_get_folio+0x155/0x340
Mär 29 21:22:15 debian kernel: folio_alloc+0x17/0x50
Mär 29 21:22:15 debian kernel: __alloc_pages+0x305/0x330
Mär 29 21:22:15 debian kernel: __alloc_pages_slowpath.constprop.0+0x6fe/0xe60
Mär 29 21:22:15 debian kernel: out_of_memory+0x1fd/0x4c0
Mär 29 21:22:15 debian kernel: oom_kill_process.cold+0xb/0x10
Mär 29 21:22:15 debian kernel: dump_header+0x4c/0x22b
Mär 29 21:22:15 debian kernel: dump_stack_lvl+0x44/0x5c
Mär 29 21:22:15 debian kernel: <TASK>
Mär 29 21:22:15 debian kernel: Call Trace:
Mär 29 21:22:15 debian kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-debian-1.17.0-1 04/01/2014
Mär 29 21:22:15 debian kernel: CPU: 0 PID: 819 Comm: polkit-agent-he Not tainted 6.1.0-42-amd64 #1 Debian 6.1.159-1
Mär 29 21:22:15 debian kernel: polkit-agent-he invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
Mär 29 21:21:58 debian polkit-agent-helper-1[816]: pam_unix(polkit-1:auth): auth could not identify password for [michael]
Mär 29 21:21:58 debian polkit-agent-helper-1[816]: pam_unix(polkit-1:auth): conversation failed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20260329/9ca8b4a6/attachment-0001.sig>
More information about the Pkg-utopia-maintainers
mailing list