-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.0352
                          polkit security update
                              27 January 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           polkit
Publisher:         Red Hat
Operating System:  Red Hat
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-4034

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2022:0265
   https://access.redhat.com/errata/RHSA-2022:0266
   https://access.redhat.com/errata/RHSA-2022:0267
   https://access.redhat.com/errata/RHSA-2022:0268
   https://access.redhat.com/errata/RHSA-2022:0269
   https://access.redhat.com/errata/RHSA-2022:0270
   https://access.redhat.com/errata/RHSA-2022:0271
   https://access.redhat.com/errata/RHSA-2022:0272
   https://access.redhat.com/errata/RHSA-2022:0273
   https://access.redhat.com/errata/RHSA-2022:0274

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Red Hat. It is recommended that administrators
         running polkit check for an updated version of the software for
         their operating system.

         This bulletin contains ten (10) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: polkit security update
Advisory ID:       RHSA-2022:0265-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0265
Issue date:        2022-01-25
CVE Names:         CVE-2021-4034
=====================================================================

1. Summary:

An update for polkit is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

Source:
polkit-0.115-11.el8_2.2.src.rpm

aarch64:
polkit-0.115-11.el8_2.2.aarch64.rpm
polkit-debuginfo-0.115-11.el8_2.2.aarch64.rpm
polkit-debugsource-0.115-11.el8_2.2.aarch64.rpm
polkit-devel-0.115-11.el8_2.2.aarch64.rpm
polkit-libs-0.115-11.el8_2.2.aarch64.rpm
polkit-libs-debuginfo-0.115-11.el8_2.2.aarch64.rpm

noarch:
polkit-docs-0.115-11.el8_2.2.noarch.rpm

ppc64le:
polkit-0.115-11.el8_2.2.ppc64le.rpm
polkit-debuginfo-0.115-11.el8_2.2.ppc64le.rpm
polkit-debugsource-0.115-11.el8_2.2.ppc64le.rpm
polkit-devel-0.115-11.el8_2.2.ppc64le.rpm
polkit-libs-0.115-11.el8_2.2.ppc64le.rpm
polkit-libs-debuginfo-0.115-11.el8_2.2.ppc64le.rpm

s390x:
polkit-0.115-11.el8_2.2.s390x.rpm
polkit-debuginfo-0.115-11.el8_2.2.s390x.rpm
polkit-debugsource-0.115-11.el8_2.2.s390x.rpm
polkit-devel-0.115-11.el8_2.2.s390x.rpm
polkit-libs-0.115-11.el8_2.2.s390x.rpm
polkit-libs-debuginfo-0.115-11.el8_2.2.s390x.rpm

x86_64:
polkit-0.115-11.el8_2.2.x86_64.rpm
polkit-debuginfo-0.115-11.el8_2.2.i686.rpm
polkit-debuginfo-0.115-11.el8_2.2.x86_64.rpm
polkit-debugsource-0.115-11.el8_2.2.i686.rpm
polkit-debugsource-0.115-11.el8_2.2.x86_64.rpm
polkit-devel-0.115-11.el8_2.2.i686.rpm
polkit-devel-0.115-11.el8_2.2.x86_64.rpm
polkit-libs-0.115-11.el8_2.2.i686.rpm
polkit-libs-0.115-11.el8_2.2.x86_64.rpm
polkit-libs-debuginfo-0.115-11.el8_2.2.i686.rpm
polkit-libs-debuginfo-0.115-11.el8_2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
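A host-side check for the updates in this bulletin, as an added example that is not part of the Red Hat or AusCERT text: it compares an installed polkit VERSION-RELEASE string (for instance the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' polkit`) with the fixed build the advisories on this page list for the same dist tag. The comparison is a simplified form of rpm's ordering (no `~` or `^` handling), the function names are hypothetical, and the sample strings are constructed.

```python
import re

# Fixed polkit builds (VERSION-RELEASE) per dist tag, copied from the
# package lists of the advisories in this bulletin.
FIXED_BUILDS = {
    "el8_2": "0.115-11.el8_2.2",   # RHSA-2022:0265
    "el8_4": "0.115-11.el8_4.2",   # RHSA-2022:0266
    "el8_5": "0.115-13.el8_5.1",   # RHSA-2022:0267
    "el8_1": "0.115-9.el8_1.2",    # RHSA-2022:0268
    "el6_10": "0.96-11.el6_10.2",  # RHSA-2022:0269
    "el7_3": "0.112-12.el7_3.1",   # RHSA-2022:0270
    "el7_6": "0.112-18.el7_6.3",   # RHSA-2022:0271
    "el7_4": "0.112-12.el7_4.2",   # RHSA-2022:0272
}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")
_DIST_TAG = re.compile(r"\.(el\d+(?:_\d+)?)")


def rpm_label_cmp(a, b):
    """Order two version (or two release) strings segment by segment.

    Returns -1, 0 or 1. Digit runs compare as integers, letter runs
    compare as strings, a digit run is newer than a letter run, and the
    label with segments left over is the newer one.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def check_polkit(installed):
    """Classify an installed polkit VERSION-RELEASE string.

    'fixed'        : at or above the build listed for its dist tag
    'needs-update' : older than the build listed for its dist tag
    'unknown'      : dist tag not covered by the advisories in the table,
                     so the build has to be checked against its own advisory
    """
    version, sep, release = installed.strip().partition("-")
    tag = _DIST_TAG.search(release)
    if not sep or tag is None or tag.group(1) not in FIXED_BUILDS:
        return "unknown"
    fixed_version, _, fixed_release = FIXED_BUILDS[tag.group(1)].partition("-")
    order = (rpm_label_cmp(version, fixed_version)
             or rpm_label_cmp(release, fixed_release))
    return "fixed" if order >= 0 else "needs-update"


# Constructed sample inputs, in the VERSION-RELEASE form described above.
SAMPLES = [
    "0.115-11.el8_2.1",
    "0.115-11.el8_2.2",
    "0.112-18.el7_6.1",
    "0.96-11.el6_10.2",
    "0.115-12.el8",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:20} {check_polkit(sample)}")
```

Builds are only compared within one dist tag, because the update streams carry different release numbers for the same fix.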
--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: polkit security update
Advisory ID:       RHSA-2022:0266-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0266
Issue date:        2022-01-25
CVE Names:         CVE-2021-4034
=====================================================================

1. Summary:

An update for polkit is now available for Red Hat Enterprise Linux 8.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:
polkit-0.115-11.el8_4.2.src.rpm

aarch64:
polkit-0.115-11.el8_4.2.aarch64.rpm
polkit-debuginfo-0.115-11.el8_4.2.aarch64.rpm
polkit-debugsource-0.115-11.el8_4.2.aarch64.rpm
polkit-devel-0.115-11.el8_4.2.aarch64.rpm
polkit-libs-0.115-11.el8_4.2.aarch64.rpm
polkit-libs-debuginfo-0.115-11.el8_4.2.aarch64.rpm

noarch:
polkit-docs-0.115-11.el8_4.2.noarch.rpm

ppc64le:
polkit-0.115-11.el8_4.2.ppc64le.rpm
polkit-debuginfo-0.115-11.el8_4.2.ppc64le.rpm
polkit-debugsource-0.115-11.el8_4.2.ppc64le.rpm
polkit-devel-0.115-11.el8_4.2.ppc64le.rpm
polkit-libs-0.115-11.el8_4.2.ppc64le.rpm
polkit-libs-debuginfo-0.115-11.el8_4.2.ppc64le.rpm

s390x:
polkit-0.115-11.el8_4.2.s390x.rpm
polkit-debuginfo-0.115-11.el8_4.2.s390x.rpm
polkit-debugsource-0.115-11.el8_4.2.s390x.rpm
polkit-devel-0.115-11.el8_4.2.s390x.rpm
polkit-libs-0.115-11.el8_4.2.s390x.rpm
polkit-libs-debuginfo-0.115-11.el8_4.2.s390x.rpm

x86_64:
polkit-0.115-11.el8_4.2.x86_64.rpm
polkit-debuginfo-0.115-11.el8_4.2.i686.rpm
polkit-debuginfo-0.115-11.el8_4.2.x86_64.rpm
polkit-debugsource-0.115-11.el8_4.2.i686.rpm
polkit-debugsource-0.115-11.el8_4.2.x86_64.rpm
polkit-devel-0.115-11.el8_4.2.i686.rpm
polkit-devel-0.115-11.el8_4.2.x86_64.rpm
polkit-libs-0.115-11.el8_4.2.i686.rpm
polkit-libs-0.115-11.el8_4.2.x86_64.rpm
polkit-libs-debuginfo-0.115-11.el8_4.2.i686.rpm
polkit-libs-debuginfo-0.115-11.el8_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: polkit security update
Advisory ID:       RHSA-2022:0267-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0267
Issue date:        2022-01-25
CVE Names:         CVE-2021-4034
=====================================================================

1. Summary:

An update for polkit is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
polkit-0.115-13.el8_5.1.src.rpm

aarch64:
polkit-0.115-13.el8_5.1.aarch64.rpm
polkit-debuginfo-0.115-13.el8_5.1.aarch64.rpm
polkit-debugsource-0.115-13.el8_5.1.aarch64.rpm
polkit-devel-0.115-13.el8_5.1.aarch64.rpm
polkit-libs-0.115-13.el8_5.1.aarch64.rpm
polkit-libs-debuginfo-0.115-13.el8_5.1.aarch64.rpm

noarch:
polkit-docs-0.115-13.el8_5.1.noarch.rpm

ppc64le:
polkit-0.115-13.el8_5.1.ppc64le.rpm
polkit-debuginfo-0.115-13.el8_5.1.ppc64le.rpm
polkit-debugsource-0.115-13.el8_5.1.ppc64le.rpm
polkit-devel-0.115-13.el8_5.1.ppc64le.rpm
polkit-libs-0.115-13.el8_5.1.ppc64le.rpm
polkit-libs-debuginfo-0.115-13.el8_5.1.ppc64le.rpm

s390x:
polkit-0.115-13.el8_5.1.s390x.rpm
polkit-debuginfo-0.115-13.el8_5.1.s390x.rpm
polkit-debugsource-0.115-13.el8_5.1.s390x.rpm
polkit-devel-0.115-13.el8_5.1.s390x.rpm
polkit-libs-0.115-13.el8_5.1.s390x.rpm
polkit-libs-debuginfo-0.115-13.el8_5.1.s390x.rpm

x86_64:
polkit-0.115-13.el8_5.1.x86_64.rpm
polkit-debuginfo-0.115-13.el8_5.1.i686.rpm
polkit-debuginfo-0.115-13.el8_5.1.x86_64.rpm
polkit-debugsource-0.115-13.el8_5.1.i686.rpm
polkit-debugsource-0.115-13.el8_5.1.x86_64.rpm
polkit-devel-0.115-13.el8_5.1.i686.rpm
polkit-devel-0.115-13.el8_5.1.x86_64.rpm
polkit-libs-0.115-13.el8_5.1.i686.rpm
polkit-libs-0.115-13.el8_5.1.x86_64.rpm
polkit-libs-debuginfo-0.115-13.el8_5.1.i686.rpm
polkit-libs-debuginfo-0.115-13.el8_5.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: polkit security update
Advisory ID:       RHSA-2022:0268-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0268
Issue date:        2022-01-25
CVE Names:         CVE-2021-4034
=====================================================================

1. Summary:

An update for polkit is now available for Red Hat Enterprise Linux 8.1
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - noarch, ppc64le, x86_64

3. Description:

The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:
polkit-0.115-9.el8_1.2.src.rpm

noarch:
polkit-docs-0.115-9.el8_1.2.noarch.rpm

ppc64le:
polkit-0.115-9.el8_1.2.ppc64le.rpm
polkit-debuginfo-0.115-9.el8_1.2.ppc64le.rpm
polkit-debugsource-0.115-9.el8_1.2.ppc64le.rpm
polkit-devel-0.115-9.el8_1.2.ppc64le.rpm
polkit-libs-0.115-9.el8_1.2.ppc64le.rpm
polkit-libs-debuginfo-0.115-9.el8_1.2.ppc64le.rpm

x86_64:
polkit-0.115-9.el8_1.2.x86_64.rpm
polkit-debuginfo-0.115-9.el8_1.2.i686.rpm
polkit-debuginfo-0.115-9.el8_1.2.x86_64.rpm
polkit-debugsource-0.115-9.el8_1.2.i686.rpm
polkit-debugsource-0.115-9.el8_1.2.x86_64.rpm
polkit-devel-0.115-9.el8_1.2.i686.rpm
polkit-devel-0.115-9.el8_1.2.x86_64.rpm
polkit-libs-0.115-9.el8_1.2.i686.rpm
polkit-libs-0.115-9.el8_1.2.x86_64.rpm
polkit-libs-debuginfo-0.115-9.el8_1.2.i686.rpm
polkit-libs-debuginfo-0.115-9.el8_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: polkit security update
Advisory ID:       RHSA-2022:0269-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0269
Issue date:        2022-01-25
CVE Names:         CVE-2021-4034
=====================================================================

1. Summary:

An update for polkit is now available for Red Hat Enterprise Linux 6
Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6 ELS) - i386, noarch, s390x, x86_64

3. Description:

The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

6. Package List:

Red Hat Enterprise Linux Server (v. 6 ELS):

Source:
polkit-0.96-11.el6_10.2.src.rpm

i386:
polkit-0.96-11.el6_10.2.i686.rpm
polkit-debuginfo-0.96-11.el6_10.2.i686.rpm
polkit-devel-0.96-11.el6_10.2.i686.rpm
polkit-docs-0.96-11.el6_10.2.i686.rpm

noarch:
polkit-desktop-policy-0.96-11.el6_10.2.noarch.rpm

s390x:
polkit-0.96-11.el6_10.2.s390.rpm
polkit-0.96-11.el6_10.2.s390x.rpm
polkit-debuginfo-0.96-11.el6_10.2.s390.rpm
polkit-debuginfo-0.96-11.el6_10.2.s390x.rpm
polkit-devel-0.96-11.el6_10.2.s390.rpm
polkit-devel-0.96-11.el6_10.2.s390x.rpm
polkit-docs-0.96-11.el6_10.2.s390x.rpm

x86_64:
polkit-0.96-11.el6_10.2.i686.rpm
polkit-0.96-11.el6_10.2.x86_64.rpm
polkit-debuginfo-0.96-11.el6_10.2.i686.rpm
polkit-debuginfo-0.96-11.el6_10.2.x86_64.rpm
polkit-devel-0.96-11.el6_10.2.i686.rpm
polkit-devel-0.96-11.el6_10.2.x86_64.rpm
polkit-docs-0.96-11.el6_10.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: polkit security update
Advisory ID:       RHSA-2022:0270-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0270
Issue date:        2022-01-25
CVE Names:         CVE-2021-4034
=====================================================================

1. Summary:

An update for polkit is now available for Red Hat Enterprise Linux 7.3
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64

3. Description:

The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.3):

Source:
polkit-0.112-12.el7_3.1.src.rpm

noarch:
polkit-docs-0.112-12.el7_3.1.noarch.rpm

x86_64:
polkit-0.112-12.el7_3.1.i686.rpm
polkit-0.112-12.el7_3.1.x86_64.rpm
polkit-debuginfo-0.112-12.el7_3.1.i686.rpm
polkit-debuginfo-0.112-12.el7_3.1.x86_64.rpm
polkit-devel-0.112-12.el7_3.1.i686.rpm
polkit-devel-0.112-12.el7_3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: polkit security update
Advisory ID:       RHSA-2022:0271-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0271
Issue date:        2022-01-25
CVE Names:         CVE-2021-4034
=====================================================================

1. Summary:

An update for polkit is now available for Red Hat Enterprise Linux 7.6
Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP
Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64

3. Description:

The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.6):

Source:
polkit-0.112-18.el7_6.3.src.rpm

noarch:
polkit-docs-0.112-18.el7_6.3.noarch.rpm

x86_64:
polkit-0.112-18.el7_6.3.i686.rpm
polkit-0.112-18.el7_6.3.x86_64.rpm
polkit-debuginfo-0.112-18.el7_6.3.i686.rpm
polkit-debuginfo-0.112-18.el7_6.3.x86_64.rpm
polkit-devel-0.112-18.el7_6.3.i686.rpm
polkit-devel-0.112-18.el7_6.3.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.6):

Source:
polkit-0.112-18.el7_6.3.src.rpm

noarch:
polkit-docs-0.112-18.el7_6.3.noarch.rpm

ppc64le:
polkit-0.112-18.el7_6.3.ppc64le.rpm
polkit-debuginfo-0.112-18.el7_6.3.ppc64le.rpm
polkit-devel-0.112-18.el7_6.3.ppc64le.rpm

x86_64:
polkit-0.112-18.el7_6.3.i686.rpm
polkit-0.112-18.el7_6.3.x86_64.rpm
polkit-debuginfo-0.112-18.el7_6.3.i686.rpm
polkit-debuginfo-0.112-18.el7_6.3.x86_64.rpm
polkit-devel-0.112-18.el7_6.3.i686.rpm
polkit-devel-0.112-18.el7_6.3.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.6):

Source:
polkit-0.112-18.el7_6.3.src.rpm

noarch:
polkit-docs-0.112-18.el7_6.3.noarch.rpm

x86_64:
polkit-0.112-18.el7_6.3.i686.rpm
polkit-0.112-18.el7_6.3.x86_64.rpm
polkit-debuginfo-0.112-18.el7_6.3.i686.rpm
polkit-debuginfo-0.112-18.el7_6.3.x86_64.rpm
polkit-devel-0.112-18.el7_6.3.i686.rpm
polkit-devel-0.112-18.el7_6.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: polkit security update
Advisory ID:       RHSA-2022:0272-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0272
Issue date:        2022-01-25
CVE Names:         CVE-2021-4034
=====================================================================

1. Summary:

An update for polkit is now available for Red Hat Enterprise Linux 7.4
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64

3. Description:

The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source:
polkit-0.112-12.el7_4.2.src.rpm

noarch:
polkit-docs-0.112-12.el7_4.2.noarch.rpm

x86_64:
polkit-0.112-12.el7_4.2.i686.rpm
polkit-0.112-12.el7_4.2.x86_64.rpm
polkit-debuginfo-0.112-12.el7_4.2.i686.rpm
polkit-debuginfo-0.112-12.el7_4.2.x86_64.rpm
polkit-devel-0.112-12.el7_4.2.i686.rpm
polkit-devel-0.112-12.el7_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: polkit security update
Advisory
ID: RHSA-2022:0273-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0273 Issue date: 2022-01-25 CVE Names: CVE-2021-4034 ===================================================================== 1. Summary: An update for polkit is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64 3. Description: The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix(es): * polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector 6. Package List: Red Hat Enterprise Linux Server AUS (v. 
7.7): Source: polkit-0.112-22.el7_7.2.src.rpm noarch: polkit-docs-0.112-22.el7_7.2.noarch.rpm x86_64: polkit-0.112-22.el7_7.2.i686.rpm polkit-0.112-22.el7_7.2.x86_64.rpm polkit-debuginfo-0.112-22.el7_7.2.i686.rpm polkit-debuginfo-0.112-22.el7_7.2.x86_64.rpm polkit-devel-0.112-22.el7_7.2.i686.rpm polkit-devel-0.112-22.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.7): Source: polkit-0.112-22.el7_7.2.src.rpm noarch: polkit-docs-0.112-22.el7_7.2.noarch.rpm ppc64le: polkit-0.112-22.el7_7.2.ppc64le.rpm polkit-debuginfo-0.112-22.el7_7.2.ppc64le.rpm polkit-devel-0.112-22.el7_7.2.ppc64le.rpm x86_64: polkit-0.112-22.el7_7.2.i686.rpm polkit-0.112-22.el7_7.2.x86_64.rpm polkit-debuginfo-0.112-22.el7_7.2.i686.rpm polkit-debuginfo-0.112-22.el7_7.2.x86_64.rpm polkit-devel-0.112-22.el7_7.2.i686.rpm polkit-devel-0.112-22.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.7): Source: polkit-0.112-22.el7_7.2.src.rpm noarch: polkit-docs-0.112-22.el7_7.2.noarch.rpm x86_64: polkit-0.112-22.el7_7.2.i686.rpm polkit-0.112-22.el7_7.2.x86_64.rpm polkit-debuginfo-0.112-22.el7_7.2.i686.rpm polkit-debuginfo-0.112-22.el7_7.2.x86_64.rpm polkit-devel-0.112-22.el7_7.2.i686.rpm polkit-devel-0.112-22.el7_7.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-4034 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. 

- ------------------------------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Important: polkit security update
Advisory ID: RHSA-2022:0274-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0274
Issue date: 2022-01-25
CVE Names: CVE-2021-4034
=====================================================================

1. Summary:

An update for polkit is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
polkit-0.112-26.el7_9.1.src.rpm

x86_64:
polkit-0.112-26.el7_9.1.i686.rpm
polkit-0.112-26.el7_9.1.x86_64.rpm
polkit-debuginfo-0.112-26.el7_9.1.i686.rpm
polkit-debuginfo-0.112-26.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
polkit-docs-0.112-26.el7_9.1.noarch.rpm

x86_64:
polkit-debuginfo-0.112-26.el7_9.1.i686.rpm
polkit-debuginfo-0.112-26.el7_9.1.x86_64.rpm
polkit-devel-0.112-26.el7_9.1.i686.rpm
polkit-devel-0.112-26.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
polkit-0.112-26.el7_9.1.src.rpm

x86_64:
polkit-0.112-26.el7_9.1.i686.rpm
polkit-0.112-26.el7_9.1.x86_64.rpm
polkit-debuginfo-0.112-26.el7_9.1.i686.rpm
polkit-debuginfo-0.112-26.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
polkit-docs-0.112-26.el7_9.1.noarch.rpm

x86_64:
polkit-debuginfo-0.112-26.el7_9.1.i686.rpm
polkit-debuginfo-0.112-26.el7_9.1.x86_64.rpm
polkit-devel-0.112-26.el7_9.1.i686.rpm
polkit-devel-0.112-26.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
polkit-0.112-26.el7_9.1.src.rpm

noarch:
polkit-docs-0.112-26.el7_9.1.noarch.rpm

ppc64:
polkit-0.112-26.el7_9.1.ppc.rpm
polkit-0.112-26.el7_9.1.ppc64.rpm
polkit-debuginfo-0.112-26.el7_9.1.ppc.rpm
polkit-debuginfo-0.112-26.el7_9.1.ppc64.rpm
polkit-devel-0.112-26.el7_9.1.ppc.rpm
polkit-devel-0.112-26.el7_9.1.ppc64.rpm

ppc64le:
polkit-0.112-26.el7_9.1.ppc64le.rpm
polkit-debuginfo-0.112-26.el7_9.1.ppc64le.rpm
polkit-devel-0.112-26.el7_9.1.ppc64le.rpm

s390x:
polkit-0.112-26.el7_9.1.s390.rpm
polkit-0.112-26.el7_9.1.s390x.rpm
polkit-debuginfo-0.112-26.el7_9.1.s390.rpm
polkit-debuginfo-0.112-26.el7_9.1.s390x.rpm
polkit-devel-0.112-26.el7_9.1.s390.rpm
polkit-devel-0.112-26.el7_9.1.s390x.rpm

x86_64:
polkit-0.112-26.el7_9.1.i686.rpm
polkit-0.112-26.el7_9.1.x86_64.rpm
polkit-debuginfo-0.112-26.el7_9.1.i686.rpm
polkit-debuginfo-0.112-26.el7_9.1.x86_64.rpm
polkit-devel-0.112-26.el7_9.1.i686.rpm
polkit-devel-0.112-26.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
polkit-0.112-26.el7_9.1.src.rpm

noarch:
polkit-docs-0.112-26.el7_9.1.noarch.rpm

x86_64:
polkit-0.112-26.el7_9.1.i686.rpm
polkit-0.112-26.el7_9.1.x86_64.rpm
polkit-debuginfo-0.112-26.el7_9.1.i686.rpm
polkit-debuginfo-0.112-26.el7_9.1.x86_64.rpm
polkit-devel-0.112-26.el7_9.1.i686.rpm
polkit-devel-0.112-26.el7_9.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-4034
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
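One way to check a host inventory against the fixed polkit builds named in the package lists above. This is an added example, not part of the Red Hat or AusCERT text. The host names and inventory lines are constructed, the stream label per host is an assumed inventory field, and `rpmvercmp` is a simplified form of rpm's segment comparison that ignores epochs, `~` and `^`.

```python
import re

# Fixed polkit version-release per RHEL 7 stream, copied from the package lists above.
FIXED = {
    "7.4": "0.112-12.el7_4.2",
    "7.6": "0.112-18.el7_6.3",
    "7.7": "0.112-22.el7_7.2",
    "7": "0.112-26.el7_9.1",
}

# Constructed sample inventory: host, stream, output of `rpm -q polkit`.
INVENTORY = """\
web01 7.6 polkit-0.112-18.el7_6.3.x86_64
web02 7.6 polkit-0.112-18.el7_6.2.x86_64
db01 7 polkit-0.112-26.el7.x86_64
db02 7 polkit-0.112-26.el7_9.1.x86_64
app01 7.7 polkit-0.112-22.el7_7.2.ppc64le
lab01 8.2 polkit-0.115-11.el8.x86_64
"""

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings; return -1, 0 or 1."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            # rpm treats a numeric segment as newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def parse_nvra(nvra):
    """Split name-version-release.arch into (name, version, release)."""
    nvr, _arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def audit(inventory):
    """Map each host to 'patched', 'needs-update' or 'unknown'."""
    findings = {}
    for line in inventory.strip().splitlines():
        host, stream, nvra = line.split()
        name, version, release = parse_nvra(nvra)
        fixed = FIXED.get(stream)
        if name != "polkit" or fixed is None:
            findings[host] = "unknown"  # stream not in the FIXED table
            continue
        fixed_version, fixed_release = fixed.split("-", 1)
        # Compare only within one stream: version first, release as tiebreak.
        order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
        findings[host] = "patched" if order >= 0 else "needs-update"
    return findings


if __name__ == "__main__":
    for host, state in audit(INVENTORY).items():
        print(f"{host}: {state}")
```

Builds are compared only against the fixed build of the host's own stream, because a release string from one stream (for example `el7_9.1`) says nothing about whether a host on another stream has received its backport.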