A vulnerability in polkit could lead to local root privilege escalation.
|Package||sys-auth/polkit on all architectures|
|Affected versions||< 0.119|
|Unaffected versions||>= 0.119|
polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged process.
The function polkit_system_bus_name_get_creds_sync() was called without checking for error, and as such temporarily treats the authentication request as coming from root.
Please review the referenced CVE identifiers for details.
There is no known workaround at this time.
All polkit users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.119"
July 13, 2021
July 13, 2021: 1