Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) - openSUSE Factory - openSUSE Mailing Lists

newer
New package...

Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)

older
openSUSE:Factory - Build fail...

Frank Krüger

26 Jan 2022 26 Jan '22

10:14

Hi there Is there any update in sight? https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt Regards Frank

Reply

Sign in to reply online Use email software

Show replies by date

Frank Krüger

26 Jan 26 Jan

10:23

Am 26.01.22 um 11:14 schrieb Frank Krüger:

Hi there

Is there any update in sight?

https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

Regards Frank It's on its way: https://bugzilla.opensuse.org/show_bug.cgi?id=1194568

Sorry for the noise. Regards Frank

Reply

Sign in to reply online Use email software

zaggynl

10:23

Appears to be on its way: https://bugzilla.opensuse.org/show_bug.cgi?id=CVE-2021-4034 On 1/26/22 10:14, Frank Krüger wrote:

Hi there

Is there any update in sight?

https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

Regards Frank

Reply

Sign in to reply online Use email software

Marcus Meissner

11:46

Hi, ah for Factory... there I also submitted it. Ciao, Marcus On Wed, Jan 26, 2022 at 10:23:12AM +0000, zaggynl wrote:

Appears to be on its way:

https://bugzilla.opensuse.org/show_bug.cgi?id=CVE-2021-4034

On 1/26/22 10:14, Frank Krüger wrote:

...
Hi there

Is there any update in sight?

https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

Regards Frank

Reply

Sign in to reply online Use email software

Marcus Meissner

11:46

On Wed, Jan 26, 2022 at 11:14:23AM +0100, Frank Krüger wrote:

Hi there

Is there any update in sight?

https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

should be available already via zypper patch. Ciao, Marcus

Reply

Sign in to reply online Use email software

Mathias Homann

11:50

Am Mittwoch, 26. Januar 2022, 12:46:27 CET schrieb Marcus Meissner:

On Wed, Jan 26, 2022 at 11:14:23AM +0100, Frank Krüger wrote:

...
Hi there

Is there any update in sight?

https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

should be available already via zypper patch.

Ciao, Marcus

didn't show as a patch on TW, but I got it with zypper up. cheers MH -- Mathias Homann Mathias.Homann@openSUSE.org OBS: lemmy04 Jabber (XMPP): lemmy@tuxonline.tech Matrix: @mathias:eregion.de IRC: [Lemmy] on liberachat and ircnet (bouncer active) keybase: https://keybase.io/lemmy gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102

Reply

Sign in to reply online Use email software

Carlos E. R.

13:06

On 26/01/2022 12.50, Mathias Homann wrote:

didn't show as a patch on TW, but I got it with zypper up.

Warning: on TW you should only use "zypper dup". -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)

Reply

Sign in to reply online Use email software

Cristian Rodríguez

28 Jan 28 Jan

20:50

On Wed, Jan 26, 2022 at 7:21 AM Frank Krüger <fkrueger@mailbox.org> wrote:

Hi there

Is there any update in sight?

https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

The polkit part is already fixed.. bikeshedding and language lawyering rages on about fixing the actual bug which is a kernel issue. https://lwn.net/SubscriberLink/882799/7510d64465c89935/ At least there seems to be consensus on returning EINVAL on the libc syscall wrappers on this case even if the kernel is not changed.

Reply

Sign in to reply online Use email software

1093

Age (days ago)

1095

Last active (days ago)

Download

7 comments

6 participants

tags

participants (6)

Carlos E. R.
Cristian Rodríguez
Frank Krüger
Marcus Meissner
Mathias Homann
zaggynl