Posted: Tue Jul 13, 2021 3:26 am Post subject: [ GLSA 202107-31 ] polkit
Gentoo Linux Security Advisory
Title: polkit: Privilege escalation (GLSA 202107-31)
Severity: high
Exploitable: local
Date: 2021-07-13
Bug(s): #794052
ID: 202107-31
Synopsis
A vulnerability in polkit could lead to local root privilege
escalation.
Background
polkit is a toolkit for managing policies related to unprivileged
processes communicating with privileged processes.
Affected Packages
Package: sys-auth/polkit
Vulnerable: < 0.119
Unaffected: >= 0.119
Architectures: All supported architectures
Description
The function polkit_system_bus_name_get_creds_sync() was called without
checking for errors; as a result, polkit temporarily treats the
authentication request as coming from root.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All polkit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.119"
References
CVE-2021-3560
Last edited by GLSA on Sat Jan 22, 2022 4:58 am; edited 2 times in total
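
The flaw class named in the Description (a credential lookup whose error is not checked, so the caller's default value reads as root), shown as an added example that is not part of the advisory and is not polkit source code. The functions lookup_creds, is_authorized_unchecked and is_authorized_checked are hypothetical, and the zero-initialised uid is an assumption of this model.

```c
/* Added illustration: a simplified model of the bug class, not polkit source.
 * All names (lookup_creds, is_authorized_*) are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

struct creds { uid_t uid; pid_t pid; };

/* Stand-in for a credential lookup that can fail.
 * On failure it returns false and leaves *out untouched. */
static bool lookup_creds(bool lookup_ok, uid_t peer_uid, struct creds *out)
{
    if (!lookup_ok)
        return false;
    out->uid = peer_uid;
    out->pid = 4242;                 /* constructed sample value */
    return true;
}

/* Flawed pattern: the return value is ignored, so after a failed lookup
 * the zero-initialised uid is indistinguishable from root (uid 0). */
static bool is_authorized_unchecked(bool lookup_ok, uid_t peer_uid)
{
    struct creds c = {0};
    lookup_creds(lookup_ok, peer_uid, &c);
    return c.uid == 0;
}

/* Hardened pattern: fail closed. A failed lookup denies the request, and
 * the struct starts from an invalid uid rather than from 0. */
static bool is_authorized_checked(bool lookup_ok, uid_t peer_uid)
{
    struct creds c = { .uid = (uid_t)-1, .pid = -1 };
    if (!lookup_creds(lookup_ok, peer_uid, &c))
        return false;
    return c.uid == 0;
}

int main(void)
{
    printf("unchecked, lookup fails: %d\n", is_authorized_unchecked(false, 1000));
    printf("checked,   lookup fails: %d\n", is_authorized_checked(false, 1000));
    printf("checked,   real root:    %d\n", is_authorized_checked(true, 0));
    return 0;
}
```

When reviewing similar code, look for two things together: an error-returning lookup whose result is discarded, and an identity field whose default value coincides with a privileged identity.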