Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#73505 - [polkit] PLEASE ENTER SUMMARY
Attached to Project:
Arch Linux
Opened by Michael J Evans (mjevans) - Tuesday, 25 January 2022, 22:58 GMT
Last edited by Antonio Rojas (arojas) - Wednesday, 26 January 2022, 08:01 GMT
Details
Security patch for a critical privilege escalation bug
https://seclists.org/oss-sec/2022/q1/82
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
https://seclists.org/oss-sec/2022/q1/80
pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
I have attached a copy of the plain diff download. Please see upstream (gitlab) for the source of this code that I did not write.
Closed by Antonio Rojas (arojas)
Wednesday, 26 January 2022, 08:01 GMT
Reason for closing: Fixed
Additional comments about closing: 0.120-4
Comment by Michael J Evans (mjevans) -
Tuesday, 25 January 2022, 23:01 GMT
Forgot to fill out the title, oops. If that's correctable please update to something like: CVE-2021-4034 Local Privilege Escalation in polkit's pkexec
Comment by Michael J Evans (mjevans) -
Wednesday, 26 January 2022, 02:58 GMT
The security issues page ( https://security.archlinux.org/package/polkit ) doesn't mention CVE-2021-4034; and the fixed version is only in Testing, not stable.
CVE-2021-4034-pkexec.diff