polkit: fix CVE-2021-4034 polkit privilege escalation
pkexec always assumes there is at least one argument, which can be exploited by crafting the environment and calling it with no arguments. No specific exploit has been published. Update to polkit-0.112-26.el7_9.1. == testing == We just want to see if pkexec stills works. build and install an iso, then $ sudo pkexec --user puppet id Password: # enter sysadmin password uid=52(puppet) gid=52(puppet) groups=52(puppet) $ ==== Closes-bug: 1960087 Signed-off-by: Joe Slater <joe.slater@windriver.com> Change-Id: I267e29d90e75dc772e17f0b5866850b4bb5ac3d2
This commit is contained in:
parent
5f5552b196
commit
6d7ab17023
@ -717,9 +717,9 @@ pixman-0.34.0-1.el7.x86_64.rpm
|
||||
pixman-devel-0.34.0-1.el7.x86_64.rpm
|
||||
# pkgconfig-0.27.1-4.el7.x86_64.rpm provided by mock
|
||||
po4a-0.44-10.el7.noarch.rpm
|
||||
polkit-0.112-26.el7.x86_64.rpm
|
||||
polkit-devel-0.112-26.el7.x86_64.rpm
|
||||
polkit-docs-0.112-26.el7.noarch.rpm
|
||||
polkit-0.112-26.el7_9.1.x86_64.rpm
|
||||
polkit-devel-0.112-26.el7_9.1.x86_64.rpm
|
||||
polkit-docs-0.112-26.el7_9.1.noarch.rpm
|
||||
polkit-pkla-compat-0.1-4.el7.x86_64.rpm
|
||||
poppler-0.26.5-20.el7.x86_64.rpm
|
||||
poppler-data-0.4.6-3.el7.noarch.rpm
|
||||
|
@ -713,7 +713,7 @@ plexus-interpolation-1.15-8.el7.noarch.rpm
|
||||
plexus-sec-dispatcher-1.4-13.el7.noarch.rpm
|
||||
plexus-utils-3.0.9-9.el7.noarch.rpm
|
||||
pm-utils-1.4.1-27.el7.x86_64.rpm
|
||||
polkit-0.112-26.el7.x86_64.rpm
|
||||
polkit-0.112-26.el7_9.1.x86_64.rpm
|
||||
polkit-pkla-compat-0.1-4.el7.x86_64.rpm
|
||||
# popt-1.13-16.el7.x86_64.rpm provided by mock
|
||||
popt-devel-1.13-16.el7.x86_64.rpm
|
||||
|
Loading…
x
Reference in New Issue
Block a user