Vulnerability & Impact

Polkit (formerly PolicyKit) is a "component for controlling system-wide privileges in Unix-like operating systems."
It is installed by default on all major Linux distributions.

A vulnerability was discovered in Polkit which, if successfully exploited, "allows any unprivileged user to gain full root privileges".
You can read more on the topic here.

Solution

The Polkit component has to be updated to the latest version.

The instructions to patch all relevant Linux distributions supported by the SURF Research Cloud service are below.
Note that new workspaces created from SURF catalog items will already be patched.

Update instructions

CentOS 7

sudo yum upgrade

CentOS 8

sudo yum -y remove polkit

curl http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/polkit-libs-0.115-13.el8_5.1.x86_64.rpm --output polkit-libs-0.115-13.el8_5.1.x86_64.rpm
sudo yum -y --nogpgcheck localinstall polkit-libs-0.115-13.el8_5.1.x86_64.rpm

curl http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/polkit-0.115-13.el8_5.1.x86_64.rpm --output polkit-0.115-13.el8_5.1.x86_64.rpm
sudo yum -y --nogpgcheck localinstall polkit-0.115-13.el8_5.1.x86_64.rpm

Ubuntu 18

sudo apt-get update
sudo apt-get --only-upgrade install policykit-1

Ubuntu 20

sudo apt-get update
sudo apt-get --only-upgrade install policykit-1
The update is only needed if your workspace is older than 12/05/2021.
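
To confirm that the update took effect, the following added example (not part of the original instructions) reports the installed polkit version and, on CentOS 8, compares it with the build named in the RPM file names above. The function names and the use of `sort -V` as an approximation of RPM version ordering are assumptions.

```shell
#!/bin/sh
# Fixed CentOS 8 build, taken from the RPM file names on this page.
FIXED_EL8="0.115-13.el8_5.1"

# version_ge A B: true when A sorts at or after B under `sort -V`.
# Assumption: `sort -V` is close enough to RPM's own version ordering for
# builds of the same package; it is not a full rpmvercmp implementation.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# el8_status VERSION-RELEASE: prints "patched" or "outdated".
el8_status() {
    if version_ge "$1" "$FIXED_EL8"; then echo patched; else echo outdated; fi
}

# installed_polkit: prints the installed package version, or nothing.
installed_polkit() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' polkit 2>/dev/null | grep -v 'not installed'
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' policykit-1 2>/dev/null
    fi
}

# report: one status line for the current machine.
report() {
    ver=$(installed_polkit) || true
    if [ -z "$ver" ]; then echo "polkit: not installed"; return 0; fi
    case "$ver" in
        *.el8*) echo "polkit $ver: $(el8_status "$ver")" ;;
        *)      echo "polkit $ver: compare with your distribution's advisory" ;;
    esac
}

report
```

For CentOS 7 and Ubuntu this page names no fixed build, so the script only prints the installed version for comparison with the distribution's own advisory.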