Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.0352
polkit security update
27 January 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: polkit
Publisher: Red Hat
Operating System: Red Hat
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Increased Privileges -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-4034
Original Bulletin:
https://access.redhat.com/errata/RHSA-2022:0265
https://access.redhat.com/errata/RHSA-2022:0266
https://access.redhat.com/errata/RHSA-2022:0267
https://access.redhat.com/errata/RHSA-2022:0268
https://access.redhat.com/errata/RHSA-2022:0269
https://access.redhat.com/errata/RHSA-2022:0270
https://access.redhat.com/errata/RHSA-2022:0271
https://access.redhat.com/errata/RHSA-2022:0272
https://access.redhat.com/errata/RHSA-2022:0273
https://access.redhat.com/errata/RHSA-2022:0274
Comment: This advisory references vulnerabilities in products which run on
platforms other than Red Hat. It is recommended that administrators
running polkit check for an updated version of the software for
their operating system.
This bulletin contains ten (10) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: polkit security update
Advisory ID: RHSA-2022:0265-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0265
Issue date: 2022-01-25
CVE Names: CVE-2021-4034
=====================================================================
1. Summary:
An update for polkit is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector
6. Package List:
Red Hat Enterprise Linux BaseOS EUS (v. 8.2):
Source:
polkit-0.115-11.el8_2.2.src.rpm
aarch64:
polkit-0.115-11.el8_2.2.aarch64.rpm
polkit-debuginfo-0.115-11.el8_2.2.aarch64.rpm
polkit-debugsource-0.115-11.el8_2.2.aarch64.rpm
polkit-devel-0.115-11.el8_2.2.aarch64.rpm
polkit-libs-0.115-11.el8_2.2.aarch64.rpm
polkit-libs-debuginfo-0.115-11.el8_2.2.aarch64.rpm
noarch:
polkit-docs-0.115-11.el8_2.2.noarch.rpm
ppc64le:
polkit-0.115-11.el8_2.2.ppc64le.rpm
polkit-debuginfo-0.115-11.el8_2.2.ppc64le.rpm
polkit-debugsource-0.115-11.el8_2.2.ppc64le.rpm
polkit-devel-0.115-11.el8_2.2.ppc64le.rpm
polkit-libs-0.115-11.el8_2.2.ppc64le.rpm
polkit-libs-debuginfo-0.115-11.el8_2.2.ppc64le.rpm
s390x:
polkit-0.115-11.el8_2.2.s390x.rpm
polkit-debuginfo-0.115-11.el8_2.2.s390x.rpm
polkit-debugsource-0.115-11.el8_2.2.s390x.rpm
polkit-devel-0.115-11.el8_2.2.s390x.rpm
polkit-libs-0.115-11.el8_2.2.s390x.rpm
polkit-libs-debuginfo-0.115-11.el8_2.2.s390x.rpm
x86_64:
polkit-0.115-11.el8_2.2.x86_64.rpm
polkit-debuginfo-0.115-11.el8_2.2.i686.rpm
polkit-debuginfo-0.115-11.el8_2.2.x86_64.rpm
polkit-debugsource-0.115-11.el8_2.2.i686.rpm
polkit-debugsource-0.115-11.el8_2.2.x86_64.rpm
polkit-devel-0.115-11.el8_2.2.i686.rpm
polkit-devel-0.115-11.el8_2.2.x86_64.rpm
polkit-libs-0.115-11.el8_2.2.i686.rpm
polkit-libs-0.115-11.el8_2.2.x86_64.rpm
polkit-libs-debuginfo-0.115-11.el8_2.2.i686.rpm
polkit-libs-debuginfo-0.115-11.el8_2.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYfCFUdzjgjWX9erEAQh3dA/+KZY5O0pnl37K6DHm17OMlGyhTugxaWte
L982VsaIFT6SqKTrc1vAog6rdSyK3l1GM05HMuGOE2jx2Tkdjx58JyzVzSJJLSts
O/bgeROVDyjzg3vucIK5jATAvD5WkrSlgI3/y7yzm0MO4W8xbhWmgNhuuMDbIF89
2099LUux/rkaXIQDgGia+FzUcFGttlck9BNHO5hL/4yyDCLTv+/LTIJALObA8Stf
t98hAXYiU7f4E1d7tAsz/OpgV2GP/QRx/nn2RrXtVlm3neBGOGjcti+jImVNyxrQ
XB4/L99SeTpV0UbFC7b2MCmF8A/BaViq5XGcpeG2tq4+SLH67CAA1vuOfmqeP1cN
T9Ojgd3sf156r8Y+fQe0XoFop932k8hyvwnCRtdmVL0Wj7maRPh982Tczuz2OUY5
TNPETSf8oCEHxxSH1Gc89k/Hy0OugTxoxjZxuX/tJXXIkRTa30eUcPAmVd9VyvSL
hJBHl6yW/UO5zzLp/l1dbf+7GW51BxAh7kl1UBRAmjA74qulK77BJumhvc9+NdVq
fymdu0yZoX5xlzgawXPeJM3CeYBgtz1VcXSH++8VFyPLvYzgl4SPIeopnlSHnlsw
csNFVvf01LI/Unk3Qn5obUurMp+Sw2GlHRJsURyoG7ZdHAcpAvtV0w0Jq0PTJvKM
JLPjvKL+T94=
=I6iA
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: polkit security update
Advisory ID: RHSA-2022:0266-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0266
Issue date: 2022-01-25
CVE Names: CVE-2021-4034
=====================================================================
1. Summary:
An update for polkit is now available for Red Hat Enterprise Linux 8.4
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector
6. Package List:
Red Hat Enterprise Linux BaseOS EUS (v.8.4):
Source:
polkit-0.115-11.el8_4.2.src.rpm
aarch64:
polkit-0.115-11.el8_4.2.aarch64.rpm
polkit-debuginfo-0.115-11.el8_4.2.aarch64.rpm
polkit-debugsource-0.115-11.el8_4.2.aarch64.rpm
polkit-devel-0.115-11.el8_4.2.aarch64.rpm
polkit-libs-0.115-11.el8_4.2.aarch64.rpm
polkit-libs-debuginfo-0.115-11.el8_4.2.aarch64.rpm
noarch:
polkit-docs-0.115-11.el8_4.2.noarch.rpm
ppc64le:
polkit-0.115-11.el8_4.2.ppc64le.rpm
polkit-debuginfo-0.115-11.el8_4.2.ppc64le.rpm
polkit-debugsource-0.115-11.el8_4.2.ppc64le.rpm
polkit-devel-0.115-11.el8_4.2.ppc64le.rpm
polkit-libs-0.115-11.el8_4.2.ppc64le.rpm
polkit-libs-debuginfo-0.115-11.el8_4.2.ppc64le.rpm
s390x:
polkit-0.115-11.el8_4.2.s390x.rpm
polkit-debuginfo-0.115-11.el8_4.2.s390x.rpm
polkit-debugsource-0.115-11.el8_4.2.s390x.rpm
polkit-devel-0.115-11.el8_4.2.s390x.rpm
polkit-libs-0.115-11.el8_4.2.s390x.rpm
polkit-libs-debuginfo-0.115-11.el8_4.2.s390x.rpm
x86_64:
polkit-0.115-11.el8_4.2.x86_64.rpm
polkit-debuginfo-0.115-11.el8_4.2.i686.rpm
polkit-debuginfo-0.115-11.el8_4.2.x86_64.rpm
polkit-debugsource-0.115-11.el8_4.2.i686.rpm
polkit-debugsource-0.115-11.el8_4.2.x86_64.rpm
polkit-devel-0.115-11.el8_4.2.i686.rpm
polkit-devel-0.115-11.el8_4.2.x86_64.rpm
polkit-libs-0.115-11.el8_4.2.i686.rpm
polkit-libs-0.115-11.el8_4.2.x86_64.rpm
polkit-libs-debuginfo-0.115-11.el8_4.2.i686.rpm
polkit-libs-debuginfo-0.115-11.el8_4.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYfCFOtzjgjWX9erEAQiDbRAAg7MqhjSqhPLnXD6EDEMGQRVn7DBHcXMZ
RBlr8tnh6zkG2UDOixNOZfTZIFjO8nyUkn8xu+AoBrrlLl5Ab7YmFR0n2EH1tH2T
gzCndWDWa42UwlbydSjoezr+qVhCqRtWbTxSakHNvL4UO4ZswzM7vFPz9JYUXFnE
DrbfAV0dhzgQp3GL2IQ4PDMVBtzdulYp+53XJ8fVJQLpgeqVf0Kpoh9x4JechBJG
/7C4xyDWmBMf8AXUNYDem1iMmvyji8zUU4+2I71tz2aE+2/kGHtXtqmlNdUbC8Em
/TlXsh+KtDcjcr413JKLvq5LD+MpkjSET+HArNoHQfJ1EECn3PT0fDXw+zF6nLTd
bksTgEew7tMRTmk3sJBQ5Mkb4XHrHx+tXK1MupMVLRlOsy+pLXG2RKkROkPJe+/U
GHKqrb3kXqTMagrUk5BrFCtfaCqq/wUFlBQDQsn6LJDh1t290CkKXzQRVwZSl96d
tP0EzRMdJcg92vWumjbFvCgmfh6/BKoJd2xohLxp+FAkooDqKPspILWJDlaFguZ9
EM2luzM+4+OtpKKTiUhivmTul3yl9cJdef0eF7hX48bjunjc9ikznmZvID5b/PR3
nt6seYAVGXjocZPIiRJyi/QGLur9wvvtCY7CljipE2hGGA2j4AohPVkO2Auy9CdT
bSrNWt5Hpa0=
=j6Hu
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: polkit security update
Advisory ID: RHSA-2022:0267-02
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0267
Issue date: 2022-01-25
CVE Names: CVE-2021-4034
=====================================================================
1. Summary:
An update for polkit is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
polkit-0.115-13.el8_5.1.src.rpm
aarch64:
polkit-0.115-13.el8_5.1.aarch64.rpm
polkit-debuginfo-0.115-13.el8_5.1.aarch64.rpm
polkit-debugsource-0.115-13.el8_5.1.aarch64.rpm
polkit-devel-0.115-13.el8_5.1.aarch64.rpm
polkit-libs-0.115-13.el8_5.1.aarch64.rpm
polkit-libs-debuginfo-0.115-13.el8_5.1.aarch64.rpm
noarch:
polkit-docs-0.115-13.el8_5.1.noarch.rpm
ppc64le:
polkit-0.115-13.el8_5.1.ppc64le.rpm
polkit-debuginfo-0.115-13.el8_5.1.ppc64le.rpm
polkit-debugsource-0.115-13.el8_5.1.ppc64le.rpm
polkit-devel-0.115-13.el8_5.1.ppc64le.rpm
polkit-libs-0.115-13.el8_5.1.ppc64le.rpm
polkit-libs-debuginfo-0.115-13.el8_5.1.ppc64le.rpm
s390x:
polkit-0.115-13.el8_5.1.s390x.rpm
polkit-debuginfo-0.115-13.el8_5.1.s390x.rpm
polkit-debugsource-0.115-13.el8_5.1.s390x.rpm
polkit-devel-0.115-13.el8_5.1.s390x.rpm
polkit-libs-0.115-13.el8_5.1.s390x.rpm
polkit-libs-debuginfo-0.115-13.el8_5.1.s390x.rpm
x86_64:
polkit-0.115-13.el8_5.1.x86_64.rpm
polkit-debuginfo-0.115-13.el8_5.1.i686.rpm
polkit-debuginfo-0.115-13.el8_5.1.x86_64.rpm
polkit-debugsource-0.115-13.el8_5.1.i686.rpm
polkit-debugsource-0.115-13.el8_5.1.x86_64.rpm
polkit-devel-0.115-13.el8_5.1.i686.rpm
polkit-devel-0.115-13.el8_5.1.x86_64.rpm
polkit-libs-0.115-13.el8_5.1.i686.rpm
polkit-libs-0.115-13.el8_5.1.x86_64.rpm
polkit-libs-debuginfo-0.115-13.el8_5.1.i686.rpm
polkit-libs-debuginfo-0.115-13.el8_5.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYfCFSNzjgjWX9erEAQjH5g/+Ow1LenqO68H0K6bmZODmtmddFl/JaIly
5Ggqn2I5E73G6EIQc8mjaby1Nlp7mpZd0zoXuk4fsoOUx7jv70Vuf7cbYr56ojuu
9NTAHtPh62Dh320JlMlIO3e8DXjd2m13+MlycjlczGt+d14yj88CfItr9H39DXtR
/0KnoglLvo/K8296xl3BD5x9xMB7DQFoOznpsDkIIv9znEpXDDduo8aZ6PQHINdo
lrjjzaWYKavpnblRYEX1tTHpG3T9FHoV+9VQXKHFjtwR+ZQ2xq3bWebvUwCLxtYi
Mzs0tWwA7AiunvoxEdga9vz/1mIPI/rx9MxrzeinOQxQ9oCX6XQsoDBTGr8KZFq1
83BNqaIZyCa7ng6sbH84sG/FNRyTisNDNTVaW/vU3hVGP/chJrpVRuJqmp2oVtXg
Vhn6yfpbRqA6lmSUvh8sJQlLKnUvsfXBs0GSr9mHW8qoeDRSKXbgd+KpxIakkAOd
Jg2R1C1aTi86Nb3+NEbDd8Z2+OidFg4l1nD13lYh6Edwyr8dMGhL80JB4WEr8Nih
BgzN9HbqkTjPxMzwc/cfqM4hZnCO55zE5KWqsVifRY0OA/dbjfpAiTjFNMcRPGDN
ShGNyfsuIvlr4W1HJfTs8vTAB0W9JgamtjKfef07ZAw3dCu4b2Qsf5AjkIIyyL1k
KENkA/YGKSA=
=hm0D
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: polkit security update
Advisory ID: RHSA-2022:0268-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0268
Issue date: 2022-01-25
CVE Names: CVE-2021-4034
=====================================================================
1. Summary:
An update for polkit is now available for Red Hat Enterprise Linux 8.1
Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - noarch, ppc64le, x86_64
3. Description:
The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector
6. Package List:
Red Hat Enterprise Linux BaseOS E4S (v. 8.1):
Source:
polkit-0.115-9.el8_1.2.src.rpm
noarch:
polkit-docs-0.115-9.el8_1.2.noarch.rpm
ppc64le:
polkit-0.115-9.el8_1.2.ppc64le.rpm
polkit-debuginfo-0.115-9.el8_1.2.ppc64le.rpm
polkit-debugsource-0.115-9.el8_1.2.ppc64le.rpm
polkit-devel-0.115-9.el8_1.2.ppc64le.rpm
polkit-libs-0.115-9.el8_1.2.ppc64le.rpm
polkit-libs-debuginfo-0.115-9.el8_1.2.ppc64le.rpm
x86_64:
polkit-0.115-9.el8_1.2.x86_64.rpm
polkit-debuginfo-0.115-9.el8_1.2.i686.rpm
polkit-debuginfo-0.115-9.el8_1.2.x86_64.rpm
polkit-debugsource-0.115-9.el8_1.2.i686.rpm
polkit-debugsource-0.115-9.el8_1.2.x86_64.rpm
polkit-devel-0.115-9.el8_1.2.i686.rpm
polkit-devel-0.115-9.el8_1.2.x86_64.rpm
polkit-libs-0.115-9.el8_1.2.i686.rpm
polkit-libs-0.115-9.el8_1.2.x86_64.rpm
polkit-libs-debuginfo-0.115-9.el8_1.2.i686.rpm
polkit-libs-debuginfo-0.115-9.el8_1.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYfCFpNzjgjWX9erEAQjYQg/8DhdcAsypRrK1iyUDmcamWItxaJCNFUQV
3Ld1wwJD4GJuS9Kk4GThO/VVIeF4zEwTz3odbm89yIZzi8FbjIOXTZcispRypjXJ
ICR1RUOyriZzpwEXUTBZ+/q0dltArUu34fi/S7zqDtB1HxBFCVjNCra45PEse9h+
8W2KLOneBYB6bvDLFAz3Q2O/dhFq/2RpxVBskoY3C9JNd8kUDsmpEjOai936QErH
U8NWW5N1uO9Bh2/IX89mu72mcl4kfWpALAbT6gbXywlHzx3huCBjmSpNZvKVAImW
YuKfXcIvix4LZidMydIhtEJHL08vxzbhxjgpzbeXTWST++35A7yzv7NZdznHa/2/
hXMofDL4hDQDcfht9HKRYSYrFUf+fGhg4vOpBP9flRtMwzBKdx/yPQlzkSuuiNPM
zEBCnP9OVndlVdCjjGTDfPdCWQj6lvL5OHbZ+oDkXl7tq10n3JsJUxt1VqWE/QFo
GSJjtqyjMAVSsgV7IR/aBuIooMy1X7RcRUIXRLsDIot5mb0B3KGi1AydWkXVGGof
Pfsvbw3SnWPKLBPJmp32CwvQFuXUC+ZE6V1rLlwCdmWDPfN2fMo5agz6Uln7x54+
IrEjTdSoTtjOV54OTmCHmnPH8xy4GXOt6rVSnDFscsDT0/uIUnOo+5bh9HX8iJbv
7H8n/zjA7hw=
=O6hl
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: polkit security update
Advisory ID: RHSA-2022:0269-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0269
Issue date: 2022-01-25
CVE Names: CVE-2021-4034
=====================================================================
1. Summary:
An update for polkit is now available for Red Hat Enterprise Linux 6
Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6 ELS) - i386, noarch, s390x, x86_64
3. Description:
The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector
6. Package List:
Red Hat Enterprise Linux Server (v. 6 ELS):
Source:
polkit-0.96-11.el6_10.2.src.rpm
i386:
polkit-0.96-11.el6_10.2.i686.rpm
polkit-debuginfo-0.96-11.el6_10.2.i686.rpm
polkit-devel-0.96-11.el6_10.2.i686.rpm
polkit-docs-0.96-11.el6_10.2.i686.rpm
noarch:
polkit-desktop-policy-0.96-11.el6_10.2.noarch.rpm
s390x:
polkit-0.96-11.el6_10.2.s390.rpm
polkit-0.96-11.el6_10.2.s390x.rpm
polkit-debuginfo-0.96-11.el6_10.2.s390.rpm
polkit-debuginfo-0.96-11.el6_10.2.s390x.rpm
polkit-devel-0.96-11.el6_10.2.s390.rpm
polkit-devel-0.96-11.el6_10.2.s390x.rpm
polkit-docs-0.96-11.el6_10.2.s390x.rpm
x86_64:
polkit-0.96-11.el6_10.2.i686.rpm
polkit-0.96-11.el6_10.2.x86_64.rpm
polkit-debuginfo-0.96-11.el6_10.2.i686.rpm
polkit-debuginfo-0.96-11.el6_10.2.x86_64.rpm
polkit-devel-0.96-11.el6_10.2.i686.rpm
polkit-devel-0.96-11.el6_10.2.x86_64.rpm
polkit-docs-0.96-11.el6_10.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYfCF7tzjgjWX9erEAQjO4Q/9FOYYyKrY4ZF/gPytRYFoyzL1L98i+igD
PbZORA8NcZVz6/DcjmACAQeid4Sj3WSUmy80gdanECLWwWIo5LDjJ8Wneo9pk7kw
SGVHOg+wdiiGYBi/z0Zn11/FuXtDMHqEiYXJWhMDpF7UWuNzj1izp6qNyB2fKpfg
VF2VyCPnGN1s9KS5UCflOgDirsQ56hExxz3fNLMkBPxBoMfBwtftsP1H96DmV0ZR
u42cn+nC54sU036hiQLEpi4EFk4Oq1Y4fLi+innqtqT0JehOl9pWfBSauQjERwLO
wCzZcifptDqlO66PR0XnzIDAONlgJsg+Fvih2gCZV6nSXgWCL5NecmS/MeXYacuw
4y3TA/QT+P7bNZjGBRXkeLNP++2Li68KtLeCX6UdVvLhFhKvN0yvMFgeD0/2llKB
NZhPgESwWb5hQurMAce3TrBYGhpY6wLqZJPwD4NN6J+8fwujT938Rq/vsxBD8DuS
TQHVO2ZDAeJX+vV4Dep8SVYBCl9BdK762TTM9Ejcos1DrA9DW1yoSAMZppz3MgcJ
emW0TMVD3IrHNq9P9+xDlvJ00tHPc8/XnuLDLhO7GdMoPJYLq85GUJpmwHB0YBF+
LZ6A0GGf2FrkYr2wO2I8zy4FlwRK5rS25xG5TAPu8aH5hfkc3klvj3hDjx4vqGyx
S5SlsHD7cds=
=MPAF
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: polkit security update
Advisory ID: RHSA-2022:0270-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0270
Issue date: 2022-01-25
CVE Names: CVE-2021-4034
=====================================================================
1. Summary:
An update for polkit is now available for Red Hat Enterprise Linux 7.3
Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64
3. Description:
The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.3):
Source:
polkit-0.112-12.el7_3.1.src.rpm
noarch:
polkit-docs-0.112-12.el7_3.1.noarch.rpm
x86_64:
polkit-0.112-12.el7_3.1.i686.rpm
polkit-0.112-12.el7_3.1.x86_64.rpm
polkit-debuginfo-0.112-12.el7_3.1.i686.rpm
polkit-debuginfo-0.112-12.el7_3.1.x86_64.rpm
polkit-devel-0.112-12.el7_3.1.i686.rpm
polkit-devel-0.112-12.el7_3.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYfCF5tzjgjWX9erEAQgrWQ/+NLhNp68nJlgfO3Y75rxMER0zuiU/NvFY
S4YQcm+6PFPlxqRXMveiAWaAIcawQGWhWgs7d1kt37IBUHfh69NahLHF6D44Cxbf
byEZHFVXRcKn4Aw7a1rmzXu03IZhSNvl4MXZpiiYPrg7ei3nR4RDqh4pPsPGN0vX
qMZb4NvjsKFhJMKXEaEFJXB3/MLOTRpn1AMXz7CXR0RnNZQcgqWXpHZeXR/W3K1D
2vkP0Tq94bXepDe4zXq1swHSW2oQDL4ZWRztWSHc6V2J6wfh+bSYIGK+TVCMlr4V
lGy7WTsZZUrwynIIf82JDnM2r7VWEwfTMq+VMos7ClE/vEzwv7GrCDLaAVVea0Ev
nvqCZ+FU0RwTdlpTIbMynrTkyj5W08Z+eTnBR4BH3ehiO25lejj+xpWWU5A+yzd2
Q0O+gqrD4U1/8+EuZzyYOe0I8j9OWLxzbMUHqN4uHsBwngF4OvDiqiesOxjx0fuD
SQFFVYT++UDVTQcwLxuX32wpZq1BSG4JBFVPafoyeZCJgFHiMhw5k/I33N5SfIth
3VVrkqovhRpXLGWGH5G0ORy0qEYbsEQ/YwDLv7wsu6eSllrmCJNif6BpX974ZszO
Z0Gu/DOJ3lp8cHW6UIEa8hvoa7L2n/zPqA1A8czn/rP0CHxJwrHu/JR58oubqxyJ
S2k1PsUMGaQ=
=oJp9
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: polkit security update
Advisory ID: RHSA-2022:0271-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0271
Issue date: 2022-01-25
CVE Names: CVE-2021-4034
=====================================================================
1. Summary:
An update for polkit is now available for Red Hat Enterprise Linux 7.6
Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP
Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64
3. Description:
The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.6):
Source:
polkit-0.112-18.el7_6.3.src.rpm
noarch:
polkit-docs-0.112-18.el7_6.3.noarch.rpm
x86_64:
polkit-0.112-18.el7_6.3.i686.rpm
polkit-0.112-18.el7_6.3.x86_64.rpm
polkit-debuginfo-0.112-18.el7_6.3.i686.rpm
polkit-debuginfo-0.112-18.el7_6.3.x86_64.rpm
polkit-devel-0.112-18.el7_6.3.i686.rpm
polkit-devel-0.112-18.el7_6.3.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.6):
Source:
polkit-0.112-18.el7_6.3.src.rpm
noarch:
polkit-docs-0.112-18.el7_6.3.noarch.rpm
ppc64le:
polkit-0.112-18.el7_6.3.ppc64le.rpm
polkit-debuginfo-0.112-18.el7_6.3.ppc64le.rpm
polkit-devel-0.112-18.el7_6.3.ppc64le.rpm
x86_64:
polkit-0.112-18.el7_6.3.i686.rpm
polkit-0.112-18.el7_6.3.x86_64.rpm
polkit-debuginfo-0.112-18.el7_6.3.i686.rpm
polkit-debuginfo-0.112-18.el7_6.3.x86_64.rpm
polkit-devel-0.112-18.el7_6.3.i686.rpm
polkit-devel-0.112-18.el7_6.3.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.6):
Source:
polkit-0.112-18.el7_6.3.src.rpm
noarch:
polkit-docs-0.112-18.el7_6.3.noarch.rpm
x86_64:
polkit-0.112-18.el7_6.3.i686.rpm
polkit-0.112-18.el7_6.3.x86_64.rpm
polkit-debuginfo-0.112-18.el7_6.3.i686.rpm
polkit-debuginfo-0.112-18.el7_6.3.x86_64.rpm
polkit-devel-0.112-18.el7_6.3.i686.rpm
polkit-devel-0.112-18.el7_6.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYfCFvdzjgjWX9erEAQjMTA//RP7Fr+gBz580MJ69dF+pgMTncLfODjVN
EfzEnfK+7+38WVOcnFCmO3jyQsI/jbtJATnNuO+kSEzMtI1XDYfmOl+jyqyPaw4J
OrzdJeH9fSLK8yNH2+SZoyU5KQ1UEVe/cf0ZeYIm8WUeAB4ZmZarZxvr5DACChjN
sWEbMYv3PSzAaGEsRY/QvC4OhS5FKp9e63pMhk2zyj+fAzhCJph5wCrQv0hMy9uJ
YmetFakJlJ5BCoALPZd1lAgG+mOq1/VLjhNuNUEqSjFnxYMQpDyT+0jqL6NKP5vv
0a8+Sv+R4jtElefdCPq8TtGPz/lehiwQL8sDiLpjsIPXX8FVeStgRPoi4ZV3YWnK
vBfck9/dkT7TWJC5NnET7KZMtqVuWFApKU9fmB9Rnrclc4pZgQ3ERn5CKygyu916
U2zxntbTi2rHO1MspB9PDjnNpcbM8uKdHFNfRVXr2Q+N0hL/S83HdG7p2yQDt8P1
ApIoumaNqJ0vP+XJ37PBYGunsNqwkkOAQNktM8bHN2BfIUEAmzfZAyQAEwwcQyuR
oOqvcYe0YHIoZXge7MVght4K2u28QFuV2itgC0Xcd9Yhjb9P2pY3lx+eWf8Hx5+S
cbhCzbLRYUy+XcaetA5eTIcj+f3dNF2XxVeUPkyYm1RHI9xtB+5KVFmx4k//nOu2
wEfNvkG7gHU=
=ZXR+
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: polkit security update
Advisory ID: RHSA-2022:0272-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0272
Issue date: 2022-01-25
CVE Names: CVE-2021-4034
=====================================================================
1. Summary:
An update for polkit is now available for Red Hat Enterprise Linux 7.4
Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64
3. Description:
The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source:
polkit-0.112-12.el7_4.2.src.rpm
noarch:
polkit-docs-0.112-12.el7_4.2.noarch.rpm
x86_64:
polkit-0.112-12.el7_4.2.i686.rpm
polkit-0.112-12.el7_4.2.x86_64.rpm
polkit-debuginfo-0.112-12.el7_4.2.i686.rpm
polkit-debuginfo-0.112-12.el7_4.2.x86_64.rpm
polkit-devel-0.112-12.el7_4.2.i686.rpm
polkit-devel-0.112-12.el7_4.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYfCFdNzjgjWX9erEAQgv1g//d7X814nRkwoj4yGB7PJjAXzD//rEyB8B
JinOEe3Qflmfry+HjCxpmOJcs5zy1gaTIyniYBVui3TUyO6/iV0HXVMIhc1HUhUN
R2Pbpah67DgE8IeWmdwCW7w0iIrpMx8EKoqUgp5MkrkaTFSbmn6IecbvadlGN/AX
uwDEltwbtAAFPF+iHAL8Ub87fWE+ZpZzIDKOCR12Py50bn/aMcQDNteylJq/vp6F
yo3Hc5NnS0Oae17Z1gMeQ94V/XuvEEAsQax5J3f1gU00q7/kbx9xrSJs7OXuXU5V
aUWDxbCa5DE8BrEXPoytmNQRy8dPjSes2Ve66augyCPk8AJ5z0BMHr/Mjw6v6h6P
naf4l9BM0rPDuUfMJwT8KjqefgY5KnKkRwR2NttKiGupsqcTGoYG5ZZZZlyk1vt4
o6/G9p6iY8edO5xU7rymIIQSffGlksO7NMByiDw+NI6PlI8sSUDqUsvoRhWqJ7ZH
+3EZQNaj9rHxoWL4suOTPeAixbzfZ1HtqBl5jaTp3tuzBFp+BTMWlvoup9GXGEq1
eczkhBekBJMZOqWjL7erLxkfeCYmyhtVbGVanjWqOKigMDojS8Me1MgLY1AyUfiA
sgOI0mjJGcl5w2iWe9T2WdN4Adu02et1yQ7Hu+J7Oqw4V9E5gw0DqbECNay3ttx9
8TSXFnyqido=
=NuwC
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: polkit security update
Advisory ID: RHSA-2022:0273-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0273
Issue date: 2022-01-25
CVE Names: CVE-2021-4034
=====================================================================
1. Summary:
An update for polkit is now available for Red Hat Enterprise Linux 7.7
Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP
Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64
3. Description:
The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.7):
Source:
polkit-0.112-22.el7_7.2.src.rpm
noarch:
polkit-docs-0.112-22.el7_7.2.noarch.rpm
x86_64:
polkit-0.112-22.el7_7.2.i686.rpm
polkit-0.112-22.el7_7.2.x86_64.rpm
polkit-debuginfo-0.112-22.el7_7.2.i686.rpm
polkit-debuginfo-0.112-22.el7_7.2.x86_64.rpm
polkit-devel-0.112-22.el7_7.2.i686.rpm
polkit-devel-0.112-22.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.7):
Source:
polkit-0.112-22.el7_7.2.src.rpm
noarch:
polkit-docs-0.112-22.el7_7.2.noarch.rpm
ppc64le:
polkit-0.112-22.el7_7.2.ppc64le.rpm
polkit-debuginfo-0.112-22.el7_7.2.ppc64le.rpm
polkit-devel-0.112-22.el7_7.2.ppc64le.rpm
x86_64:
polkit-0.112-22.el7_7.2.i686.rpm
polkit-0.112-22.el7_7.2.x86_64.rpm
polkit-debuginfo-0.112-22.el7_7.2.i686.rpm
polkit-debuginfo-0.112-22.el7_7.2.x86_64.rpm
polkit-devel-0.112-22.el7_7.2.i686.rpm
polkit-devel-0.112-22.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.7):
Source:
polkit-0.112-22.el7_7.2.src.rpm
noarch:
polkit-docs-0.112-22.el7_7.2.noarch.rpm
x86_64:
polkit-0.112-22.el7_7.2.i686.rpm
polkit-0.112-22.el7_7.2.x86_64.rpm
polkit-debuginfo-0.112-22.el7_7.2.i686.rpm
polkit-debuginfo-0.112-22.el7_7.2.x86_64.rpm
polkit-devel-0.112-22.el7_7.2.i686.rpm
polkit-devel-0.112-22.el7_7.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYfCFX9zjgjWX9erEAQgPOQ//b9MRzMYCC91JW0FoWO/qW+0YTf9VbXPF
KbotTfUZWRw9ppcWr5bcECwd5Ax9Nuio+W0F2BbE4L0zji3Kh9CsMBVFjjHI6xQU
uKIs8nsxMPbIV4r2ChlxYfmkGKwIKL4Bsgv77JX6VyGRy7iXmTywsuRChbyAeO+U
QEi/csHpFKx3aCCckCYpWUELl3/ZSnb6O6B2OdblF7EI6T7DyMTzONwpQLwvST3I
tVFWjP2B6fHXIHDPhcjMiar4iaKlAG4vSRQNh6QvY9eBwahPcTaMae/Q7H1xiGb8
DAyuqWk0xClpp7EajKSonSJZZ1gI04rfUCPAsqgyPLLXz2ZH5h5Zlca+C/5hTUlF
57VFBU9KARqZDr/l1OE0rpFbG7PMbVs/3edDqnYgLl9wW+2Zf5zka1fpKWhNNmiz
ivNb7/ssQbSc+P8FpN1WYtjjdIXauMiu6LpopzlMRKQBByOoV7O50Fzl2bOYbg5w
y5ffn8jaTLTaX/Z1mmYflOLE0otEMjPUcklqZtmyvkn9+de6/wwnzZINAKRYUHfi
G3zVgpChluFLLhbX9W9d/tSJCPhFbEXCswmpLJMQ/fMPJmBrO71FOKqjTvng4+/G
cyM5Wtg0aSD/bbhSilydfS4T0S5z3AFrGsZopDXZ08/S8tdE3jUkIDGetBBZvD9J
hdzh/b1T/+8=
=eHNs
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: polkit security update
Advisory ID: RHSA-2022:0274-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0274
Issue date: 2022-01-25
CVE Names: CVE-2021-4034
=====================================================================
1. Summary:
An update for polkit is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
3. Description:
The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
polkit-0.112-26.el7_9.1.src.rpm
x86_64:
polkit-0.112-26.el7_9.1.i686.rpm
polkit-0.112-26.el7_9.1.x86_64.rpm
polkit-debuginfo-0.112-26.el7_9.1.i686.rpm
polkit-debuginfo-0.112-26.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch:
polkit-docs-0.112-26.el7_9.1.noarch.rpm
x86_64:
polkit-debuginfo-0.112-26.el7_9.1.i686.rpm
polkit-debuginfo-0.112-26.el7_9.1.x86_64.rpm
polkit-devel-0.112-26.el7_9.1.i686.rpm
polkit-devel-0.112-26.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
polkit-0.112-26.el7_9.1.src.rpm
x86_64:
polkit-0.112-26.el7_9.1.i686.rpm
polkit-0.112-26.el7_9.1.x86_64.rpm
polkit-debuginfo-0.112-26.el7_9.1.i686.rpm
polkit-debuginfo-0.112-26.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch:
polkit-docs-0.112-26.el7_9.1.noarch.rpm
x86_64:
polkit-debuginfo-0.112-26.el7_9.1.i686.rpm
polkit-debuginfo-0.112-26.el7_9.1.x86_64.rpm
polkit-devel-0.112-26.el7_9.1.i686.rpm
polkit-devel-0.112-26.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
polkit-0.112-26.el7_9.1.src.rpm
noarch:
polkit-docs-0.112-26.el7_9.1.noarch.rpm
ppc64:
polkit-0.112-26.el7_9.1.ppc.rpm
polkit-0.112-26.el7_9.1.ppc64.rpm
polkit-debuginfo-0.112-26.el7_9.1.ppc.rpm
polkit-debuginfo-0.112-26.el7_9.1.ppc64.rpm
polkit-devel-0.112-26.el7_9.1.ppc.rpm
polkit-devel-0.112-26.el7_9.1.ppc64.rpm
ppc64le:
polkit-0.112-26.el7_9.1.ppc64le.rpm
polkit-debuginfo-0.112-26.el7_9.1.ppc64le.rpm
polkit-devel-0.112-26.el7_9.1.ppc64le.rpm
s390x:
polkit-0.112-26.el7_9.1.s390.rpm
polkit-0.112-26.el7_9.1.s390x.rpm
polkit-debuginfo-0.112-26.el7_9.1.s390.rpm
polkit-debuginfo-0.112-26.el7_9.1.s390x.rpm
polkit-devel-0.112-26.el7_9.1.s390.rpm
polkit-devel-0.112-26.el7_9.1.s390x.rpm
x86_64:
polkit-0.112-26.el7_9.1.i686.rpm
polkit-0.112-26.el7_9.1.x86_64.rpm
polkit-debuginfo-0.112-26.el7_9.1.i686.rpm
polkit-debuginfo-0.112-26.el7_9.1.x86_64.rpm
polkit-devel-0.112-26.el7_9.1.i686.rpm
polkit-devel-0.112-26.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
polkit-0.112-26.el7_9.1.src.rpm
noarch:
polkit-docs-0.112-26.el7_9.1.noarch.rpm
x86_64:
polkit-0.112-26.el7_9.1.i686.rpm
polkit-0.112-26.el7_9.1.x86_64.rpm
polkit-debuginfo-0.112-26.el7_9.1.i686.rpm
polkit-debuginfo-0.112-26.el7_9.1.x86_64.rpm
polkit-devel-0.112-26.el7_9.1.i686.rpm
polkit-devel-0.112-26.el7_9.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYfCFatzjgjWX9erEAQhpKg/+LhOLdP8hjpv+3hJgF6iJuIjK9pOslbjG
FaXBkPYJs8cLYjo6yaq+N3cMe1YfYtCAfCG7o1GbnQ133FCcmTmI9LguqtXL78AQ
p2ebqMfAp4Xof03TkFGNWZR8McQiXtV0kxGuWKkDh3f8ch2KJmaIeVs6ctoTaMQJ
viIBeOya6H7RCHatCzDvgrrrX6scHGrewa7ne9VwcusPXvRF86xYds2qp9ZZuau3
HgXvsXvECmq06nDZgCMQJ6/ecego7GDz/EDZgCr6rPirftiYeaHpqIvPHRbEuiUh
tFlkV0X5fK6gjbPBlp9QZPE4JZESmHg7N//SRqWuwE4hVBrB5GqO0SZE52rGTyq9
RypkyRria7pc1x6kMNQlFH5e776BAdy3+3zg42iaHociUwlNdAB7bEUQtn+OJHZv
uh1yY6fZM5gvTJvbaeg8Aq0TAnGLP1JOcQT1p8g5qsaNC61Tyzmj59aBIMRkyud6
f5VXcxsVD96XXwbKDCcnYBPs4fXE7xg1WuxTr/NiLOuy19vhnH/y5EVJTe1IpLqc
RXfWCzYo2AGxiTNnEhE/FSAs8e4V7FS7m+Oty6HAuXXMrNrUF0JMMURyScUEbe79
Tu/XEGW58h9MTP8kt59O3cOnpHgFAS2ZWmooXkdvO4sCLh9ugFLP8lpTvpUpZmTq
529DIgncmPA=
=NOdQ
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYfHpkONLKJtyKPYoAQh1Nw//bqUsGnJt6sAOFbfx869zJDmIu6lJEqbI
0QJfEkqv8g8XeSrANpcUfYVr10szEjNxv8W0r7IioGE3Y+iV2+AH2jTqGykMHpYG
OMYip9hJKwnhjZJg3gC2wtjBKVFZd//4CmkdJUAFbfGD8tiUXbc0Kd84Ub7L/a5B
WixBIyUXqK4FoZhbRWW1fm+nTlsWvyUbzjsvgpenWXHL+kwW3TmhDismURA7VyYa
Ja8kYY3h0v/1SrSTLt1GoWmiuzCvEbfr8GRDYO4XUd+3wgMyJo7gyI1Llj7zHnGy
EWDoKbCUkfK+VSBBH8h2YQq9/C0xgS1J75qCc5v/+2MY/dVpIoMcf6u1+X0g0n0M
tranKIlf1hl3jZGJIo0qnxh/+nyftnsd89wcXJ8FPxMvMTk8PuLQSLLSSGc5Zq/i
2ps49XUDY+vwk85YJDZiBj/+B+YTgN5uR6Q2bGkXlk9lb9g8nVV2AMGmrLVoATRo
QpuTDomYJ2lqSVVqE6uhIo2GP3GZPjXQVJVpna5uBMtIC90erf2gfVmqHPjagJin
LRuBN9r+M1CuB9TMfL/rZVwG9w7GqjPBKVJtHYsWW714N9wzSxDdj7n8EXAgoDdh
+MFIixEEIJwHWljhk0pMexzr9EtRmVx9WK19X1Gl/ocI5pWUs7WoLrs2gG2+Q4rF
cTLnh9U2s0E=
=nbuu
-----END PGP SIGNATURE-----