polkit: fix CVE-2021-4034 polkit privilege escalation

pkexec always assumes there is at least one argument, which can be exploited by crafting the environment and calling it with no arguments. No specific exploit has been published. Update to polkit-0.112-26.el7_9.1. == testing == We just want to see if pkexec stills works. build and install an iso, then $ sudo pkexec --user puppet id Password: # enter sysadmin password uid=52(puppet) gid=52(puppet) groups=52(puppet) $ ==== Closes-bug: 1960087 Signed-off-by: Joe Slater <joe.slater@windriver.com> Change-Id: I267e29d90e75dc772e17f0b5866850b4bb5ac3d2
2022-02-07 13:21:38 -05:00 · 2022-02-07 13:21:38 -05:00 · 6d7ab17023
commit 6d7ab17023
parent 5f5552b196
2 changed files with 4 additions and 4 deletions
--- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst
@ -717,9 +717,9 @@ pixman-0.34.0-1.el7.x86_64.rpm
 pixman-devel-0.34.0-1.el7.x86_64.rpm
 # pkgconfig-0.27.1-4.el7.x86_64.rpm provided by mock
 po4a-0.44-10.el7.noarch.rpm
-polkit-0.112-26.el7.x86_64.rpm
-polkit-devel-0.112-26.el7.x86_64.rpm
-polkit-docs-0.112-26.el7.noarch.rpm
+polkit-0.112-26.el7_9.1.x86_64.rpm
+polkit-devel-0.112-26.el7_9.1.x86_64.rpm
+polkit-docs-0.112-26.el7_9.1.noarch.rpm
 polkit-pkla-compat-0.1-4.el7.x86_64.rpm
 poppler-0.26.5-20.el7.x86_64.rpm
 poppler-data-0.4.6-3.el7.noarch.rpm
--- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst
@ -713,7 +713,7 @@ plexus-interpolation-1.15-8.el7.noarch.rpm
 plexus-sec-dispatcher-1.4-13.el7.noarch.rpm
 plexus-utils-3.0.9-9.el7.noarch.rpm
 pm-utils-1.4.1-27.el7.x86_64.rpm
-polkit-0.112-26.el7.x86_64.rpm
+polkit-0.112-26.el7_9.1.x86_64.rpm
 polkit-pkla-compat-0.1-4.el7.x86_64.rpm
 # popt-1.13-16.el7.x86_64.rpm provided by mock
 popt-devel-1.13-16.el7.x86_64.rpm