RHSA-2022:0267: Red Hat Security Advisory: polkit security update

Skip to navigation Skip to main content

Utilities

• Subscriptions
• Downloads
• Containers
• Support Cases

Infrastructure and Management

• Red Hat Enterprise Linux
• Red Hat Virtualization
• Red Hat Identity Management
• Red Hat Directory Server
• Red Hat Certificate System
• Red Hat Satellite
• Red Hat Subscription Management
• Red Hat Update Infrastructure
• Red Hat Insights
• Red Hat Ansible Automation Platform

Cloud Computing

• Red Hat OpenShift
• Red Hat CloudForms
• Red Hat OpenStack Platform
• Red Hat OpenShift Container Platform
• Red Hat OpenShift Data Science
• Red Hat OpenShift Online
• Red Hat OpenShift Dedicated
• Red Hat Advanced Cluster Security for Kubernetes
• Red Hat Advanced Cluster Management for Kubernetes
• Red Hat Quay
• Red Hat CodeReady Workspaces
• Red Hat OpenShift Service on AWS

Storage

• Red Hat Gluster Storage
• Red Hat Hyperconverged Infrastructure
• Red Hat Ceph Storage
• Red Hat OpenShift Data Foundation

Runtimes

• Red Hat Runtimes
• Red Hat JBoss Enterprise Application Platform
• Red Hat Data Grid
• Red Hat JBoss Web Server
• Red Hat Single Sign On
• Red Hat support for Spring Boot
• Red Hat build of Node.js
• Red Hat build of Thorntail
• Red Hat build of Eclipse Vert.x
• Red Hat build of OpenJDK
• Red Hat build of Quarkus
• Red Hat CodeReady Studio

Integration and Automation

• Red Hat Process Automation
• Red Hat Process Automation Manager
• Red Hat Decision Manager

All Products

Issued:

2022-01-25

Updated:

2022-01-25

RHSA-2022:0267 - Security Advisory

• Overview
• Updated Packages

Synopsis

Important: polkit security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for polkit is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.

Security Fix(es):

• polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

• BZ - 2025869 - CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

References

• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

Red Hat Enterprise Linux for x86_64 8

SRPM

polkit-0.115-13.el8_5.1.src.rpm

SHA-256: cf769636c664018e8246f6dbbdb46160f816d3af4cbc479ba18334b3c4b4ad2f

x86_64

polkit-0.115-13.el8_5.1.x86_64.rpm

SHA-256: c2947d012b57f889aec6f4abf42bfc3e51b90fb01f7bfb20fc979c0be1b7cd9c

polkit-debuginfo-0.115-13.el8_5.1.i686.rpm

SHA-256: 16be646a7d410cd96562c720110e4564ba83cd19d36188cd64540515495bd67c

polkit-debuginfo-0.115-13.el8_5.1.x86_64.rpm

SHA-256: 12eb89a9d1a71661ab5e7f6458067600693bae5b61e69712676a65bc3807c368

polkit-debugsource-0.115-13.el8_5.1.i686.rpm

SHA-256: cc9e65a98ab45049159dfde92479841d36b0be1e47e4515043a0f4763a79cfcc

polkit-debugsource-0.115-13.el8_5.1.x86_64.rpm

SHA-256: 4b19613e1d894270f057ae6fc11ac331aa78c88726f5dd52273bfe4e609c353a

polkit-devel-0.115-13.el8_5.1.i686.rpm

SHA-256: ac51a55feb4b8689a71e7d8980d0174432352327d1bad45304f5443f0f2970e2

polkit-devel-0.115-13.el8_5.1.x86_64.rpm

SHA-256: 55cb0b6001a8a257f0e73d6062f9a9cb6fcd9fdc781fdace8b417bc18e14518e

polkit-docs-0.115-13.el8_5.1.noarch.rpm

SHA-256: b48c9a5e119e1bf6ae8a09a9529e1af78beba1451721a40ed3cc1d00b64429c3

polkit-libs-0.115-13.el8_5.1.i686.rpm

SHA-256: 96b8d78d174768cf910d2b37d4f2ef5451db220e3f45218ff0edf99a109639e2

polkit-libs-0.115-13.el8_5.1.x86_64.rpm

SHA-256: b304ef383e89a051bc47b83e25d6001b046e1b8dd6a5879e594046424acc5753

polkit-libs-debuginfo-0.115-13.el8_5.1.i686.rpm

SHA-256: f8a0a805fd1aedda00702f732f4f3e7c32370c40e1d22b76f3027e9506671d50

polkit-libs-debuginfo-0.115-13.el8_5.1.x86_64.rpm

SHA-256: 9d46279b20249f88e7f50279741a8c11f09dd978553085b39eddc21b7917f140

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

polkit-0.115-13.el8_5.1.src.rpm

SHA-256: cf769636c664018e8246f6dbbdb46160f816d3af4cbc479ba18334b3c4b4ad2f

s390x

polkit-0.115-13.el8_5.1.s390x.rpm

SHA-256: 5db212cfd28de63c559db2a7bd8a1bdd3d1a9cb1b4f95254636f2062647b38bb

polkit-debuginfo-0.115-13.el8_5.1.s390x.rpm

SHA-256: 3352c0d7e378b2d7424b21c106fe92b8a425220ff024c9b5776d218a1e638a6a

polkit-debugsource-0.115-13.el8_5.1.s390x.rpm

SHA-256: e66689dc791809900e571de79b2561a174df3843ae95b288798757af39ecb1b2

polkit-devel-0.115-13.el8_5.1.s390x.rpm

SHA-256: 90ff05e4f2e5507046fea3eb6fde3dcf264072aa144b9ec61cbc2b67f711ab3f

polkit-docs-0.115-13.el8_5.1.noarch.rpm

SHA-256: b48c9a5e119e1bf6ae8a09a9529e1af78beba1451721a40ed3cc1d00b64429c3

polkit-libs-0.115-13.el8_5.1.s390x.rpm

SHA-256: b244bba1006eb428745883f42f60c0c1bcf7be27dc7e06563d27867dfe8501a5

polkit-libs-debuginfo-0.115-13.el8_5.1.s390x.rpm

SHA-256: a86c16e7de360bac7c82880f2fb041dac1ba9efd39b344efb4d907895dc23d26

Red Hat Enterprise Linux for Power, little endian 8

SRPM

polkit-0.115-13.el8_5.1.src.rpm

SHA-256: cf769636c664018e8246f6dbbdb46160f816d3af4cbc479ba18334b3c4b4ad2f

ppc64le

polkit-0.115-13.el8_5.1.ppc64le.rpm

SHA-256: a48999db1d440c157fde3a82e6f7b2dca20da084924f1b7f6512f6d015c054bc

polkit-debuginfo-0.115-13.el8_5.1.ppc64le.rpm

SHA-256: 3aed8aeafd53433b9f79b9bade99e14e56f82006120deb5741e25697ff4347ef

polkit-debugsource-0.115-13.el8_5.1.ppc64le.rpm

SHA-256: c3dd25d3afdeb5901ad8f5ea8d8e87a0b7953f9d646945137f4238454bb4ad7a

polkit-devel-0.115-13.el8_5.1.ppc64le.rpm

SHA-256: b6cf188216f94ccb363a7b9a4ad69ff72f073790e669744253d979e4657cf812

polkit-docs-0.115-13.el8_5.1.noarch.rpm

SHA-256: b48c9a5e119e1bf6ae8a09a9529e1af78beba1451721a40ed3cc1d00b64429c3

polkit-libs-0.115-13.el8_5.1.ppc64le.rpm

SHA-256: 04111681241101fa188368c7ba85aeddc643943fcba8c9c77a2c19a51364fe64

polkit-libs-debuginfo-0.115-13.el8_5.1.ppc64le.rpm

SHA-256: 56eae4adbb047b232c0660395e808376934e416f318719a1e215f3607663be0a

Red Hat Enterprise Linux for ARM 64 8

SRPM

polkit-0.115-13.el8_5.1.src.rpm

SHA-256: cf769636c664018e8246f6dbbdb46160f816d3af4cbc479ba18334b3c4b4ad2f

aarch64

polkit-0.115-13.el8_5.1.aarch64.rpm

SHA-256: 1ab3a224a83e1aceab00c8434b742edee27d2d3e1b113531b98a9e0fe588c92a

polkit-debuginfo-0.115-13.el8_5.1.aarch64.rpm

SHA-256: 6c0ee6a0cca03f181da093b5c57e413a255a9d4287bd93427f9955a5c4986862

polkit-debugsource-0.115-13.el8_5.1.aarch64.rpm

SHA-256: 926b75a6097264819dfea9bd90195f6fb7c0c67fca33696dc7cb9be1a91abc0e

polkit-devel-0.115-13.el8_5.1.aarch64.rpm

SHA-256: 20ae9ed1c4b1e45c7b07201bc768b00a65db6f848cb46eaf0471d380a959be5b

polkit-docs-0.115-13.el8_5.1.noarch.rpm

SHA-256: b48c9a5e119e1bf6ae8a09a9529e1af78beba1451721a40ed3cc1d00b64429c3

polkit-libs-0.115-13.el8_5.1.aarch64.rpm

SHA-256: 9a25b6ce6758c4d12e142bfe55fb8df1081bfc3c2ad4164746bb6344f857c146

polkit-libs-debuginfo-0.115-13.el8_5.1.aarch64.rpm

SHA-256: 5565de8db3de2de02d4334e79ae7cdb2962d0a680cf36d2ffcf8633d8fb85259

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.