CVE-2021-4034 (pwnkit)
polkit vulnerability patch?
With the recent polkit root compromise vulnerability, do you know when centOS 7 will release the updated polkit package? RHEL has it available already.
CVE-2021-4034 (pwnkit)
RedHat has a polkit-0.112-26.el7_9.1 available.
When can we expect an updated PolKit package for CentOS 7?
When can we expect an updated PolKit package for CentOS 7?
Re: CVE-2021-4034 (pwnkit)
The update is built and has been through QA, it neds to be signed and released but it's the middle of the night in the USA so...
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 184
- Joined: 2009/01/30 19:58:25
- Location: California
Re: CVE-2021-4034 (pwnkit)
I see the polkit update now available for CentOS 7.
-
- Posts: 1
- Joined: 2022/01/26 19:17:06
Re: CVE-2021-4034 (pwnkit)
@hawaiian717:
Unfortunatly i cannot find any update for polkit. Where did you see it?
http://mirror.centos.org/centos/7/os/x86_64/Packages/
Unfortunatly i cannot find any update for polkit. Where did you see it?
http://mirror.centos.org/centos/7/os/x86_64/Packages/
Re: CVE-2021-4034 (pwnkit)
Your url is pointing to /os/ and updates do not go into /os/, they go into /updates/. And you should not need to use the URL directly anyway, just yum update
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2021-4034 (pwnkit)
Yum does cache some repository metadata and therefore can occasionally be a bit "out of touch". Flushing caches helps in that:
(The 'clean' could be more specific than 'all', but I've never bothered to read the whole manual ...)
Personally, I did multiple machines simultaneously with:
Code: Select all
yum clean all
yum update
Personally, I did multiple machines simultaneously with:
Code: Select all
ansible all --become -m yum -a 'state=latest update_cache=yes name=*'
Re: CVE-2021-4034 (pwnkit)
CentOS 8 with dnf now allows a yum update --refresh so you can skip the clean all step. It does not work on CentOS 7.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2021-4034 (pwnkit)
So is the mitigation to simply install polkit-0.112-26.el7_9.1.src.rpm?
Re: CVE-2021-4034 (pwnkit)
The fixed version is polkit-0.112-26.el7_9.1.x86_64 and it does not require a reboot to take effect.
If there was no fixed package then there's a systemtap mitigation for the exploit listed on the Red Hat info page about this.
If there was no fixed package then there's a systemtap mitigation for the exploit listed on the Red Hat info page about this.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke