[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2899-1] policykit-1 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2899-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                 Salvatore Bonaccorso
January 25, 2022                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : policykit-1
Version        : 0.105-18+deb9u2
CVE ID         : CVE-2021-4034

The Qualys Research Labs discovered a local privilege escalation in
PolicyKit's pkexec.

Details can be found in the Qualys advisory at
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

For Debian 9 stretch, this problem has been fixed in version
0.105-18+deb9u2.

We recommend that you upgrade your policykit-1 packages.

For the detailed security status of policykit-1 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/policykit-1

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmHwOD5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Qp4g//ai7Yr3YkGxgseyjZQt6bkPqcQejte6wfj6SF7R/i510dRVK2ZGC+tE0H
tFmhyCqskpVW32HCEI/8cbx2EbtN3l+W1AYpEzp8kha2upMTMS88dUN8lTrg1rlt
CwuqV8Rmd5vaCvPZLeF4fUVjbucm9Y//V7FnaFKcbpreNqAozGcHdoHoMCV5cxL2
eUuy57n6zlZQMUZanwrFhsfd+ryqrs12fh6TuDg8XearJXys2NHcKDL8CQyTUlwl
/cj82+XSC1Uyh1Y2SiLpc4IG7PsQpSm9qe151lJFlysf+7KZC4pB0DpKvpLZRItq
ncCDyZx0T/OzoGGn4AfhrliFFPp4s3wr4U4vP6KRdb1zNkkxFi1DN7DDIOKbYfr1
ysyClKVtkacw4bBCOzvlohq+L2GFHYPqFOM0/BkgbImm/rS9mSh3eb45x+CCwFY4
my+YSFNzVrquhOlAkdV3OjTno1sWexrrqEz5cuo56nXCAX1EKuKvoa3jlBDazYgw
TVvjap8Kv8P64w2v54Bi044/OEmcV7yrKhRHJT7sgkFUaSJPWdbLOtkRmiJalU7p
/ChzmtyBV2NeI6TQqM7E4Bia2JdluW1KsV4QOCYf8TBIrG/pqT0IK/lMGiYDIu+5
/pKuTlGHeczHq0z/5i2o7S5NkMu0eE7Tun1/wSdztjgjtHG4ncQ=
=6qQO
-----END PGP SIGNATURE-----


Reply to: