Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-23264

SNG7 vulnerable version of Polkit (CVE-2021-4034)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 14, 15, 16
    • Fix Version/s: 14, 15, 16
    • Component/s: FreePBX Distro
    • Labels:
      None
    • Sprint:
      Sprint 67
    • ToDo:
    • Module Fix Version:

      Description

      https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

      I've downloaded the bash script from here:
      https://access.redhat.com/security/vulnerabilities/RHSB-2022-001#diagnose

      and ran on 16 Distro:

      # cat /etc/schmooze/pbx-version
      12.7.8-2201-3.sng7
      # ./cve-2021-4034--2022-01-25-0936.sh
      
      This script (v1.0) is primarily designed to detect CVE-2021-4034 on supported
      Red Hat Enterprise Linux systems and kernel packages.
      Result may be inaccurate for other RPM based systems.
      
      Detected 'polkit' package: polkit-0.112-26.el7.x86_64
      This polkit version is vulnerable.
      Follow https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 for advice.
      

      This polkit version is vulnerable.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                fdanard Franck Danard
                Reporter:
                lgaetz Lorne Gaetz
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  NextupJiraPlusStatus

                  Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.