RedHat has issued advisories today (January 25): https://access.redhat.com/errata/RHSA-2022:0267 https://access.redhat.com/errata/RHSA-2022:0274 Qualsys advisory with more info: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt https://www.openwall.com/lists/oss-security/2022/01/25/11 Upstream commit to fix the issue: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mageia 8 is also affected.
Status comment: (none) => Patch available from upstreamWhiteboard: (none) => MGA8TOO
Fixed in mga8: src: - polkit-0.118-1.1.mga8
CC: (none) => mageia
Advisory: ======================== Updated polkit packages fix security vulnerability: A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine (CVE-2021-4034). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4034 https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt https://access.redhat.com/errata/RHSA-2022:0267 ======================== Updated packages in core/updates_testing: ======================== polkit-0.118-1.1.mga8 libpolkit-gir1.0-0.118-1.1.mga8 libpolkit1_0-0.118-1.1.mga8 libpolkit1-devel-0.118-1.1.mga8 from polkit-0.118-1.1.mga8.src.rpm
Whiteboard: MGA8TOO => (none)Assignee: bugsquad => qa-bugsStatus comment: Patch available from upstream => (none)Version: Cauldron => 8
$ rpm -qa --last |grep ^polkit polkit-kde-agent-1-5.20.4-1.mga8.x86_64 2021-07-13T18:21:38 EDT polkit-0.118-1.1.mga8.x86_64 2021-07-13T18:09:51 EDT Looks like the release needs to be bumped.
CC: (none) => davidwhodgins
Oh my, you're right. Updated packages in core/updates_testing: ======================== polkit-0.118-1.2.mga8 libpolkit-gir1.0-0.118-1.2.mga8 libpolkit1_0-0.118-1.2.mga8 libpolkit1-devel-0.118-1.2.mga8 from polkit-0.118-1.2.mga8.src.rpm
Source RPM: polkit-0.120-1.mga9.src.rpm => polkit-0.118-1.1.mga8.src.rpm
Keywords: (none) => feedback
Keywords: feedback => (none)
Advisory committed to svn using polkit-0.118-1.2.mga8 for the srpm.
Keywords: (none) => advisory
Got it from the princeton mirror already. Tested on x86_64 and aarch64. Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0037.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
That was really quick! Well done :)
CC: (none) => fri
For what it's worth, tried it on a 32-bit Xfce install on 64-bit hardware (Probook 6550b, i3, server kernel), and it worked perfectly. Also on same hardware, 64-bit Plasma install. Adding the OKs...
Whiteboard: (none) => MGA8-64-OK MGA8-32-OKCC: (none) => andrewsfarm
*** Bug 29951 has been marked as a duplicate of this bug. ***
CC: (none) => petlaw726
*** Bug 29954 has been marked as a duplicate of this bug. ***
CC: (none) => ubuntu