Security
Security
A vulnerability in polkit could lead to local root privilege escalation.
| Package | sys-auth/polkit on all architectures |
|---|---|
| Affected versions | < 0.119 |
| Unaffected versions | >= 0.119 |
polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged process.
The function polkit_system_bus_name_get_creds_sync() was called without checking for error, and as such temporarily treats the authentication request as coming from root.
Please review the referenced CVE identifiers for details.
There is no known workaround at this time.
All polkit users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.119"
Release date
July 13, 2021
Latest revision
July 13, 2021: 1
Severity
high
Exploitable
local
Bugzilla entries