Vulnerability & Impact
Polkit (formerly PolicyKit) is a "component for controlling system-wide privileges in Unix-like operating systems."
It is installed by default on all major Linux distributions.
A vulnerability was discovered in Polkit which, if successfully exploited, "allows any unprivileged user to gain full root privileges".
You can read more on the topic here.
Solution
The Polkit component has to be updated to the latest version.
The instructions to patch all relevant Linux distributions supported by the SURF Research Cloud service are below.
Note that new workspaces created from SURF catalog items will already be patched.
Update instructions
CentOS 7
sudo yum upgrade
CentOS 8
sudo yum -y remove polkit
curl http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/polkit-libs-0.115-13.el8_5.1.x86_64.rpm --output polkit-libs-0.115-13.el8_5.1.x86_64.rpm
sudo yum -y --nogpgcheck localinstall polkit-libs-0.115-13.el8_5.1.x86_64.rpm
curl http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/polkit-0.115-13.el8_5.1.x86_64.rpm --output polkit-0.115-13.el8_5.1.x86_64.rpm
sudo yum -y --nogpgcheck localinstall polkit-0.115-13.el8_5.1.x86_64.rpm
Ubuntu 18
sudo apt-get update
sudo apt-get --only-upgrade install policykit-1
Ubuntu 20
sudo apt-get update
sudo apt-get --only-upgrade install policykit-1
The update is only needed if your workspace is older than 12/05/2021.
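Added example, not part of the original SURF instructions: a shell check to run after the update that reports the installed polkit package version and, on CentOS 8, compares it with the 0.115-13.el8_5.1 build named above. The CentOS 8 packages are fetched over HTTP and installed with --nogpgcheck, so confirming what ended up installed is worthwhile. The function names are hypothetical, and the comparison assumes GNU sort -V as an approximation of rpm's version ordering.

```shell
#!/bin/sh
# Added example (not SURF's own script). Function names are hypothetical.

# Version-release taken from the CentOS 8 RPM file names in the instructions.
FIXED_EL8="0.115-13.el8_5.1"

# version_at_least INSTALLED FIXED: succeeds when INSTALLED sorts at or after
# FIXED. Assumption: GNU `sort -V` is available; it approximates rpm's own
# ordering well enough for builds of the same package on one distribution.
version_at_least() {
    if [ -z "$1" ] || [ -z "$2" ]; then return 2; fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Print the installed polkit version, or nothing when the package is absent.
installed_polkit_version() {
    if command -v rpm >/dev/null 2>&1 && rpm -q polkit >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' polkit
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' policykit-1 2>/dev/null || true
    fi
}

# Report the version; return 1 only when a CentOS 8 build is older than FIXED_EL8.
check_polkit() {
    v=$(installed_polkit_version)
    if [ -z "$v" ]; then
        echo "polkit package not found"
        return 3
    fi
    echo "installed polkit version: $v"
    case "$v" in
        *.el8*)
            if version_at_least "$v" "$FIXED_EL8"; then
                echo "OK: at or above $FIXED_EL8"
            else
                echo "NOT UPDATED: older than $FIXED_EL8"
                return 1
            fi ;;
        *)
            echo "No reference version on this page for this release;"
            echo "compare with your distribution's security notice." ;;
    esac
}

# Run the check only when asked, e.g.: sh check_polkit.sh --check
if [ "${1:-}" = "--check" ]; then check_polkit; fi
```

On CentOS 7 and Ubuntu the script only prints the installed version, because this page gives no reference version for those releases.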