[Bug 256405] sysutils/polkit: Update to 0.119

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 256405] sysutils/polkit: Update to 0.119"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 11 Jun 2021 20:05:48 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256405

Bob Frazier <bobf@mrp3.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bobf@mrp3.com

--- Comment #4 from Bob Frazier <bobf@mrp3.com> ---
A new vulnerability in polkit has been discovered on Linux

https://access.redhat.com/security/cve/CVE-2021-3560

This discusses the details of it and steps to repro:

https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/


I have not tried to repro this with older versions of polkit yet (I have
0.114_2 installed on this system, for example) but it is probably worth
investigating before releasing an update of the port.

CVE-2021-3560 was apparently recently discovered and reported yesterday

-- 
You are receiving this mail because:
You are the assignee for the bug.