[FREEPBX-23264] SNG7 vulnerable version of Polkit (CVE-2021-4034) - Sangoma Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 14, 15, 16
Fix Version/s: 14, 15, 16
Component/s: FreePBX Distro
Labels:
None

Sprint:
Sprint 67
ToDo:

Module Fix Version:
- 14
- 15
- 16

Description

https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

I've downloaded the bash script from here:
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001#diagnose

and ran on 16 Distro:

# cat /etc/schmooze/pbx-version
12.7.8-2201-3.sng7
# ./cve-2021-4034--2022-01-25-0936.sh

This script (v1.0) is primarily designed to detect CVE-2021-4034 on supported
Red Hat Enterprise Linux systems and kernel packages.
Result may be inaccurate for other RPM based systems.

Detected 'polkit' package: polkit-0.112-26.el7.x86_64
This polkit version is vulnerable.
Follow https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 for advice.

This polkit version is vulnerable.

Gliffy Diagrams

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

image-2022-01-26-16-57-01-089.png
66 kB
26/Jan/22 3:57 PM

Activity

People

Assignee:

Franck Danard [X] (Inactive)

Reporter:

Lorne Gaetz

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

26/Jan/22 2:35 PM

Updated:

04/Mar/22 10:33 AM

Resolved:

02/Feb/22 3:36 AM

NextupJiraPlusStatus

Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.