[BlueOnyx:25325] Re: CVE-2021-4034 (PwnKit) *** Updates available! ***
Michael Stauber
mstauber at blueonyx.it
Thu Jan 27 03:53:03 -05 2022
Hi all,
> A vulnerability in Polkit's pkexec component identified as CVE-2021-4034
> (PwnKit) is present in the default configuration of all major Linux
> distributions and can be exploited to gain full root privileges on the
> system, researchers warned today.
>
> CVE-2021-4034 has been named PwnKit and its origin has been tracked to
> the initial commit of pkexec, more than 12 years ago, meaning that all
> Polkit versions are affected.
---------------------------------------------------------------------
HTML version of this message is available here:
https://www.blueonyx.it/news/302/15/CVE-2021-4034-Updates-available/
---------------------------------------------------------------------
YUM updates from upstream are now available that fix the "polkit" issue
on the following platforms:
- Aventurin{e} 6109R
- BlueOnyx 5210R (AlmaLinux 8)
- BlueOnyx 5209R (CentOS 7)
And additionally for BlueOnyx 5207R/5208R (EOL!) on CentOS 6 and SL6 we
have reconfigured NewLinQ to automatically push the Polkit PKGs out so
that they get installed as soon as your server polls NewLinQ.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list