PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec

Started by Mazaykina, Jun 23, 2022, 03:27 AM

Previous topic - Next topic

MazaykinaTopic starter

newbielink:https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 [nonactive] one. Get to patching or otherwise mitigating if you haven't already done so.
  •  

Ekatherina

Cloudlinux has patches:

yum clean all && yum -y update polkit*

CL8 you want to see afterwards:

rpm -qa | grep polkit
polkit-0.115-13.el8_5.1.x86_64

CL7 you want to see:

rpm -qa | grep polkit
polkit-0.112-26.el7_9.1.x86_64

Update: Almalinux 8 seems to have them too.
  •  

TDSko

btw

yum-cron-hourly (yes/yes/yes) / dnf-automatic on upgrade security was updated that

Still went trough all servers to manually verify
  •