RedHat has issued an advisory today (June 3): https://access.redhat.com/errata/RHSA-2021:2238 The issue is fixed upstream in 0.119. Mageia 7 and Mageia 8 are also affected.
Status comment: (none) => Fixed upstream in 0.119Whiteboard: (none) => MGA8TOO, MGA7TOO
Latest Cauldron version is 0.118. Polkit is committed by different people, so assigning this update globally.
Assignee: bugsquad => pkg-bugs
patch added in cauldron/mga7/8 src: - polkit-0.116-1.1.mga7 - polkit-0.118-1.1.mga8
Assignee: pkg-bugs => qa-bugsCC: (none) => mageiaStatus comment: Fixed upstream in 0.119 => (none)Version: Cauldron => 8Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
RPMS list: polkit-0.116-1.1.mga7 libpolkit1_0-0.116-1.1.mga7 libpolkit-gir1.0-0.116-1.1.mga7 libpolkit1-devel-0.116-1.1.mga7 polkit-0.118-1.1.mga8 libpolkit1_0-0.118-1.1.mga8 libpolkit-gir1.0-0.118-1.1.mga8 libpolkit1-devel-0.118-1.1.mga8
MGA7-64 Plasma on Lenovo B50 No installation issues Ref bug 16319 for tests. After installation: # systemctl restart polkit [root@mach5 ~]# systemctl -l status polkit ● polkit.service - Authorization Manager Loaded: loaded (/usr/lib/systemd/system/polkit.service; static; vendor preset: enabled) Active: active (running) since Mon 2021-06-07 16:18:12 CEST; 2s ago Docs: man:polkit(8) Main PID: 27868 (polkitd) Tasks: 9 (limit: 4915) Memory: 7.4M CGroup: /system.slice/polkit.service └─27868 /usr/lib/polkit-1/polkitd --no-debug Jun 07 16:18:12 mach5.hviaene.thuis systemd[1]: Starting Authorization Manager... Jun 07 16:18:12 mach5.hviaene.thuis polkitd[27868]: Started polkitd version 0.116 Jun 07 16:18:12 mach5.hviaene.thuis polkitd[27868]: Loading rules from directory /etc/polkit-1/rules.d Jun 07 16:18:12 mach5.hviaene.thuis polkitd[27868]: Loading rules from directory /usr/share/polkit-1/rules.d Jun 07 16:18:12 mach5.hviaene.thuis polkitd[27868]: Finished loading, compiling and executing 9 rules Jun 07 16:18:12 mach5.hviaene.thuis systemd[1]: Started Authorization Manager. Jun 07 16:18:12 mach5.hviaene.thuis polkitd[27868]: Acquired the name org.freedesktop.PolicyKit1 on the system bus Jun 07 16:18:12 mach5.hviaene.thuis polkitd[27868]: Registered Authentication Agent for unix-session:2 (system bus name :1.57 [/usr/libexec/polkit-kde-authentication-> and then $ drakconf Too late to run INIT block at /usr/lib64/perl5/vendor_perl/Glib/Object/Introspection.pm line 257. Ignore the following Glib::Object::Introspection & Gtk3 warnings Subroutine Gtk3::main redefined at /usr/share/perl5/vendor_perl/Gtk3.pm line 525. GLib-LOG **: posix_spawn avoided (child_setup specified) at /usr/lib64/perl5/vendor_perl/Glib/Object/Introspection.pm line 67. GLib-LOG **: posix_spawn avoided (child_setup specified) at /usr/lib64/perl5/vendor_perl/Glib/Object/Introspection.pm line 67. Overriding existing handler for signal 10. Set JSC_SIGNAL_FOR_GC if you want WebKit to use a different signal MCC works OK.
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OKCC: (none) => herman.viaene
MGA8 Plasma 64 Using QARepo and packages list in Comment 3 for x86_64 arch: To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "QA Testing (64-bit)") lib64polkit-gir1.0 0.118 1.1.mga8 x86_64 lib64polkit1_0 0.118 1.1.mga8 x86_64 polkit 0.118 1.1.mga8 x86_64 # systemctl restart polkit # systemctl -l status polkit ● polkit.service - Authorization Manager Loaded: loaded (/usr/lib/systemd/system/polkit.service; static) Active: active (running) since Tue 2021-06-08 21:13:23 CEST; 22s ago Docs: man:polkit(8) Main PID: 175759 (polkitd) Tasks: 8 (limit: 19128) Memory: 5.7M CPU: 62ms CGroup: /system.slice/polkit.service └─175759 /usr/lib/polkit-1/polkitd --no-debug juin 08 21:13:23 mageia.local systemd[1]: Starting Authorization Manager... juin 08 21:13:23 mageia.local polkitd[175759]: Started polkitd version 0.118 juin 08 21:13:23 mageia.local polkitd[175759]: Loading rules from directory /etc/polkit-1/rules.d juin 08 21:13:23 mageia.local polkitd[175759]: Loading rules from directory /usr/share/polkit-1/rules.d juin 08 21:13:23 mageia.local polkitd[175759]: Finished loading, compiling and executing 10 rules juin 08 21:13:23 mageia.local systemd[1]: Started Authorization Manager. juin 08 21:13:23 mageia.local polkitd[175759]: Acquired the name org.freedesktop.PolicyKit1 on the system bus juin 08 21:13:23 mageia.local polkitd[175759]: Registered Authentication Agent for unix-session:c2 (system...... Running drakconf OK. Good to go.
CC: (none) => ouaurelien, sysadmin-bugsWhiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OKKeywords: (none) => advisory, validated_updateCVE: (none) => CVE-2021-3560
Advisory: ======================== Updated polkit packages fix a security vulnerability: A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process (CVE-2021-3560). References: - https://bugs.mageia.org/show_bug.cgi?id=29076 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3560 - https://access.redhat.com/errata/RHSA-2021:2238 ======================== Updated packages in 7/core/updates_testing: ======================== polkit-0.116-1.1.mga7 lib(64)polkit1_0-0.116-1.1.mga7 lib(64)polkit-gir1.0-0.116-1.1.mga7 lib(64)polkit1-devel-0.116-1.1.mga7 from SRPM: polkit-0.116-1.1.mga7 ======================== Updated packages in 8/core/updates_testing: ======================== polkit-0.118-1.1.mga8 libpolkit1_0-0.118-1.1.mga8 libpolkit-gir1.0-0.118-1.1.mga8 libpolkit1-devel-0.118-1.1.mga8 from SRPM: polkit-0.118-1.1.mga8
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0244.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED