From 3b7263dbbe36631a95b29efe1f17ce9dfb40cc90 Mon Sep 17 00:00:00 2001 From: Sam James Date: Thu, 27 Jan 2022 05:33:39 +0000 Subject: [ GLSA 202201-01 ] Polkit: Local privilege escalation Bug: https://bugs.gentoo.org/832057 Signed-off-by: Sam James --- glsa-202201-01.xml | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 glsa-202201-01.xml (limited to 'glsa-202201-01.xml') diff --git a/glsa-202201-01.xml b/glsa-202201-01.xml new file mode 100644 index 00000000..cd273baf --- /dev/null +++ b/glsa-202201-01.xml @@ -0,0 +1,43 @@ + + + + Polkit: Local privilege escalation + A vulnerability in polkit could lead to local root privilege escalation. + + polkit + 2022-01-27 + 2022-01-27 + 832057 + local + + + 0.120-r2 + 0.120-r2 + + + +

polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged process.

+ + +

Flawed input validation of arguments was discovered in the 'pkexec' program's main() function.

+ + +

A local attacker could achieve root privilege escalation.

+ + +

Run the following command as root: +# chmod 0755 /usr/bin/pkexec

+ + +

Upgrade Polkit to a patched version.

+ + + emerge --ask --verbose ">=sys-auth/polkit-0.120-r2" + + + + CVE-2021-4034 + + sam + sam + -- cgit v1.2.3-65-gdbad