Your message dated Wed, 26 Jan 2022 13:07:44 +0000
with message-id <YfFHoBAYS5u30+hO@???>
and subject line Re: bug#658: policykit-1: CVE-2021-4034
has caused the Devuan bug report #658,
regarding policykit-1: CVE-2021-4034
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@???
immediately.)
--
658:
https://bugs.devuan.org/cgi/bugreport.cgi?bug=658
Devuan Bug Tracking System
Contact owner@??? with problems
Package: policykit-1
Version: 0.105-31+devuan1
Severity: critical
Tags: security
Justification: root security hole
X-Debbugs-Cc: dimitris@???
hey,
just a heads up on a very recent vulnerability found in polkit. a Local
Privilege Escalation in polkit's pkexec (CVE-2021-4034). fixed in some
versions in debian, probably devuan needs to address this too.
links :
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
https://security-tracker.debian.org/tracker/CVE-2021-4034
thanks in advance,
d.
-- System Information:
Distributor ID: Devuan
Description: Devuan GNU/Linux 5 (daedalus/ceres)
Release: 5
Codename: daedalus ceres
Architecture: x86_64
Kernel: Linux 5.16.2-xanmod1 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8), LANGUAGE
not set
Shell: /bin/sh linked to /bin/dash
Init: runit (via /run/runit.stopit)
LSM: AppArmor: enabled
Versions of packages policykit-1 depends on:
ii dbus 1.12.20-3+devuan3
ii libc6 2.33-4
ii libelogind0 246.10-3
ii libexpat1 2.4.3-2
ii libglib2.0-0 2.70.2-1
ii libpam-elogind [logind] 246.10-3
ii libpam0g 1.4.0-11
ii libpolkit-agent-1-0 0.105-31+devuan1
ii libpolkit-gobject-1-0 0.105-31+devuan1
ii libpolkit-gobject-elogind-1-0 [libpolkit-gobject-1-0] 0.105-31+devuan1
Versions of packages policykit-1 recommends:
ii lxpolkit [polkit-1-auth-agent] 0.5.5-2+b1
ii policykit-1-gnome [polkit-1-auth-agent] 0.105-7+b1
policykit-1 suggests no packages.
Versions of packages policykit-1 is related to:
ii elogind 246.10-3
ii libpam-elogind [libpam-systemd] 246.10-3
pn systemd <none>
-- no debconf information
Version: 0.105-31.1+devuan1
Dimitris,
On Wed, Jan 26, 2022 at 12:24:28PM +0200, Dimitris wrote:
> Package: policykit-1
> Version: 0.105-31+devuan1
> Severity: critical
> Tags: security
> Justification: root security hole
> X-Debbugs-Cc: dimitris@???
Updated binaries are already in unstable, daedalus, chimaera-security and
beowulf-security. Ascii-security is building.
Mark