Hosting & Domaining Forum

Hosting Discussion => Hosting Security and Technology => Vulnerabilities => Topic started by: Mazaykina on Jun 23, 2022, 03:27 AM

Title: PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec
Post by: Mazaykina on Jun 23, 2022, 03:27 AM
This is a big (https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034) one. Get to patching or otherwise mitigating if you haven't already done so.
Title: Re: PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec
Post by: Ekatherina on Jun 23, 2022, 03:29 AM
Cloudlinux has patches:

yum clean all && yum -y update polkit*

CL8 you want to see afterwards:

rpm -qa | grep polkit
polkit-0.115-13.el8_5.1.x86_64

CL7 you want to see:

rpm -qa | grep polkit
polkit-0.112-26.el7_9.1.x86_64

Update: Almalinux 8 seems to have them too.
Title: Re: PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec
Post by: TDSko on Jun 23, 2022, 03:45 AM
btw

yum-cron-hourly (yes/yes/yes) / dnf-automatic on upgrade security was updated that

Still went trough all servers to manually verify