Nasty Linux systemd root level security bug revealed and patched

Posted: Thu Jun 17, 2021 7:56 pm
by crashtech
https://www.zdnet.com/article/nasty-lin ... d-patched/

Anyone heard about this? I would guess that DC hosts aren't likely to be vulnerable.

Re: Nasty Linux systemd root level security bug revealed and patched

Posted: Thu Jun 17, 2021 8:00 pm
by Skillz
Shit, I need to update the site server. No laptop so it'll have to wait till I get home.

Re: Nasty Linux systemd root level security bug revealed and patched

Posted: Fri Jun 18, 2021 2:51 pm
by StefanR5R
Debian:
unstable (sid) and testing (bullseye) were affected
10 (buster) and 9 (stretch) are not affected

Ubuntu:
21.04, 20.10, 20.04 were affected
18.04, 16.04, 14.04 are not affected

Red Hat:
Fedora, RHEL 8.2, 8.1, 8 were affected

crashtech wrote (Thu Jun 17, 2021 7:56 pm): I would guess that DC hosts aren't likely to be vulnerable.
A scientific application which you downloaded e.g. via boinc, then execute as an unprivileged user such as the boinc user, could elevate its privileges to root if it contained respective malicious code.

Re: Nasty Linux systemd root level security bug revealed and patched

Posted: Fri Jun 18, 2021 2:52 pm
by Skillz
Debian 10 isn't affected? Then no worries here since we're running 10.9 on the server.

Re: Nasty Linux systemd root level security bug revealed and patched

Posted: Fri Jun 18, 2021 3:00 pm
by StefanR5R
Debian 10 hosts should have polkit 0.105-25 installed. Debian introduced the upstream bug via a backport into 0.105-26. That's why only unstable and testing were affected. (They are now fixed with polkit 0.105-31. Which you don't need if you have 0.105-25 or older.)

Re: Nasty Linux systemd root level security bug revealed and patched

Posted: Fri Jun 18, 2021 4:49 pm
by crashtech
I can't figure out how to implement the fix, nor even how to get meaningful version info out of my hosts. pkcheck --version returns only "0.105".

Re: Nasty Linux systemd root level security bug revealed and patched

Posted: Fri Jun 18, 2021 5:51 pm
by crashtech
Here's a download page for polkit:

https://www.freedesktop.org/software/polkit/releases/

Now I need to figure out how to "make" it go.

Re: Nasty Linux systemd root level security bug revealed and patched

Posted: Fri Jun 18, 2021 8:16 pm
by biodoc
It appears to me it's already been fixed with a patch on my systems.

policykit-1 (0.105-26ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation using
    polkit_system_bus_name_get_creds_sync()
    - debian/patches/CVE-2021-3560.patch: use proper return code in
      src/polkit/polkitsystembusname.c.
    - CVE-2021-3560

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 26 May 2021 07:50:16 -0400

Open up synaptic package manager, search for polkit and then get changelog for the package you are interested in checking.

Re: Nasty Linux systemd root level security bug revealed and patched

Posted: Fri Jun 18, 2021 11:04 pm
by crashtech
Thanks, biodoc! I went ahead and updated all my rigs after the PrimeGrid challenge ended, and it looks to me like the patch was included in those updates. Seems there should be a quick and easy way to get the pertinent info from a command prompt, though.
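Since the thread ends on the wish for a command-line check, here is an added example (not code from the thread or from the polkit project) that ports dpkg's version ordering to Python and applies the boundaries stated above: Debian picked the bug up in 0.105-26 and fixed it in 0.105-31, Ubuntu focal's fix is 0.105-26ubuntu1.1. The distro keys and the AFFECTED table are assumptions built only from this thread's numbers; feed is_affected() the output of `dpkg-query -W -f='${Version}' policykit-1`.

```python
def _order(c):
    # dpkg's character weights: '~' < end of string < letters < other characters
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256


def _verrevcmp(a, b):
    # Port of dpkg's verrevcmp(): compare alternating non-digit and digit runs.
    i = j = 0
    while a[i:] or b[j:]:
        first_diff = 0
        while (a[i:i + 1] and not a[i].isdigit()) or (b[j:j + 1] and not b[j].isdigit()):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        while a[i:i + 1] == "0": i += 1  # leading zeros are not significant
        while b[j:j + 1] == "0": j += 1
        while a[i:i + 1].isdigit() and b[j:j + 1].isdigit():
            first_diff = first_diff or ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if a[i:i + 1].isdigit() or b[j:j + 1].isdigit():  # longer digit run wins
            return 1 if a[i:i + 1].isdigit() else -1
        if first_diff:
            return first_diff
    return 0


def compare_versions(v1, v2):
    """Order v1 against v2 as `dpkg --compare-versions` does: -1, 0 or 1."""
    def split(v):  # -> (epoch, upstream_version, debian_revision)
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, revision
    for x, y in zip(split(v1), split(v2)):
        c = (x > y) - (x < y) if isinstance(x, int) else _verrevcmp(x, y)
        if c:
            return 1 if c > 0 else -1
    return 0


# Ranges as stated in this thread (assumed table). A flat ">= 0.105-31" test would
# wrongly flag a patched focal box, because revision 26ubuntu1.1 sorts below 31,
# so each distro carries its own fixed version.
AFFECTED = {"debian": ("0.105-26", "0.105-31"),
            "ubuntu-focal": ("0.105-26", "0.105-26ubuntu1.1")}


def is_affected(version, distro):
    introduced, fixed = AFFECTED[distro]
    return compare_versions(version, introduced) >= 0 and compare_versions(version, fixed) < 0
```

On a Debian-based host the same ordering is available natively, e.g. `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' policykit-1)" lt 0.105-31`, but remember to use the fixed version for your own distro and release rather than Debian's.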