[BlueOnyx:25323] Re: CVE-2021-4034 (PwnKit) *** IMPORTANT ***

[Ken Hohhof]

Michael, thanks.

Do we even need pkexec?

And does the "temporary mitigation" take care of it, or could a regular user
undo that?
chmod 0755 /usr/bin/pkexec


-----Original Message-----
From: Blueonyx <blueonyx-bounces at mail.blueonyx.it> On Behalf Of Michael
Stauber
Sent: Tuesday, January 25, 2022 11:33 PM
To: blueonyx at mail.blueonyx.it
Subject: [BlueOnyx:25322] Re: CVE-2021-4034 (PwnKit) *** IMPORTANT ***

Hi all,

> Yes, the BlueOnyx YUM repositories are currently borked. :-(
> 
> Am on it. Should have them up again in a few minutes.

The BlueOnyx YUM repositories are working again. Sorry, that was a stupid
mistake unrelated to the "Polkit" fix. Somehow the toplevel YUM repo had
switched from running a fully configured Apache to a semi-configured Nginx.
I turned off (and disabled) Nginx and restarted Apache and that brought the
repositories back online.

One good good thing came from that, though: This allowed me to find a weak
link in our distributed repository architecture. The subsequent mirrors
should still work even if the toplevel repository doesn't. Which clearly
wasn't the case due to a callback whose "continue on error" 
didn't work. That's going to be fixed in a few minutes as well.

--
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx