Package: policykit-1
Version: 0.105-31+devuan1
Severity: critical
Tags: security
Justification: root security hole
X-Debbugs-Cc: dimitris@???
Hey,
just a heads up on a very recent vulnerability found in polkit: a Local
Privilege Escalation in polkit's pkexec (CVE-2021-4034). Fixed in some
versions in Debian; probably Devuan needs to address this too.
Links:
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
https://security-tracker.debian.org/tracker/CVE-2021-4034
thanks in advance,
d.
-- System Information:
Distributor ID: Devuan
Description: Devuan GNU/Linux 5 (daedalus/ceres)
Release: 5
Codename: daedalus ceres
Architecture: x86_64
Kernel: Linux 5.16.2-xanmod1 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: runit (via /run/runit.stopit)
LSM: AppArmor: enabled
Versions of packages policykit-1 depends on:
ii dbus 1.12.20-3+devuan3
ii libc6 2.33-4
ii libelogind0 246.10-3
ii libexpat1 2.4.3-2
ii libglib2.0-0 2.70.2-1
ii libpam-elogind [logind] 246.10-3
ii libpam0g 1.4.0-11
ii libpolkit-agent-1-0 0.105-31+devuan1
ii libpolkit-gobject-1-0 0.105-31+devuan1
ii libpolkit-gobject-elogind-1-0 [libpolkit-gobject-1-0] 0.105-31+devuan1
Versions of packages policykit-1 recommends:
ii lxpolkit [polkit-1-auth-agent] 0.5.5-2+b1
ii policykit-1-gnome [polkit-1-auth-agent] 0.105-7+b1
policykit-1 suggests no packages.
Versions of packages policykit-1 is related to:
ii elogind 246.10-3
ii libpam-elogind [libpam-systemd] 246.10-3
pn systemd <none>
-- no debconf information