CVE-2021-4034 (pwnkit)

[jlehtone]

So is the mitigation to simply install polkit-0.112-26.el7_9.1.src.rpm?

• The *.src.rpm are source packages. The (binary) packages that are installed (x86_64, noarch, i686) are built from those sources.
• If one needs to install polkit, then one did not have older version of polkit, and hence no vulnerability.
• Generally yum update -- the update every installed package with anything that is available -- is the best practice. Cherry picking quickly creates a sour taste.

[Yogesh_ab]

Hi,

Do we have a security update for polkit package for CentOS 6 ?
From redhat site I can see an updated packages is polkit-0.96-11.el6_10.2.x86_64.rpm but that is available for Extended support only, do we have similar package version for CentOS also, if yes can someone please share an link to download the package.
Its a bit urgent request.

Thanks in advance

Regards,
Yogesh

[TrevorH]

No. CentOS 6 has been End of Life for more than 1 year and no more updates will be issued.

If you are seeing errata on the Red Hat page for it then that is for the EUS (extended update support) version of RHEL which is a subscription offering and RH do not publish the source code for those. That makes it impossible for anyone outside RH to rebuild it.