Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter!
Today’s newsletter is sponsored by RoseHosting. For fast, secure and fully-managed Linux hosting, check out RoseHosting VPS hosting.
This week, important updates have been issued for PHP, polkit and djvulibre.
We recommend that you visit our Advisories page frequently to see the latest security advisories that have been issued by your Linux distro(s). We also now offer the ability to personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select.
On behalf of the LinuxSecurity.com administrative team, I would like to extend a warm welcome to our newly redesigned site!
Yours in Open Source,
PHP
polkit

The Discovery

A high-severity vulnerability in polkit, a toolkit for managing policies related to unprivileged processes communicating with privileged processes, has been discovered (CVE-2021-3560). The issue involves the function polkit_system_bus_name_get_creds_sync() being called without checking for errors, temporarily treating the authentication request as if it were coming from root.

The Impact

This flaw could lead to local root privilege escalation.

The Fix

All polkit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.119"
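The unchecked-error pattern described in the polkit advisory above, as a simplified model added here (not polkit's code, and not from the advisory). The names `peer_t`, `lookup_peer_uid`, `is_root_unchecked` and `is_root_checked` are hypothetical, and the model assumes that a failed lookup leaves the uid at its default of 0.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed model of a bus client; not a polkit type. */
typedef struct {
    bool  lookup_ok;   /* whether the credential lookup succeeds */
    uid_t uid;         /* the client's real uid */
} peer_t;

/* Hypothetical credential lookup. Assumption: on failure it sets *err
 * and leaves *uid at its default of 0, which is also root's uid. */
static bool lookup_peer_uid(const peer_t *peer, uid_t *uid, const char **err)
{
    *uid = 0;
    *err = NULL;
    if (!peer->lookup_ok) {
        *err = "credential lookup failed";
        return false;
    }
    *uid = peer->uid;
    return true;
}

/* Flawed caller: ignores the result, so a failed lookup reads as uid 0. */
bool is_root_unchecked(const peer_t *peer)
{
    uid_t uid;
    const char *err;
    lookup_peer_uid(peer, &uid, &err);
    return uid == 0;
}

/* Hardened caller: any lookup error denies the request (fail closed). */
bool is_root_checked(const peer_t *peer)
{
    uid_t uid;
    const char *err;
    if (!lookup_peer_uid(peer, &uid, &err) || err != NULL)
        return false;
    return uid == 0;
}

int main(void)
{
    peer_t failed = { false, 1000 };   /* constructed: uid 1000, lookup fails */
    printf("unchecked=%d checked=%d\n", is_root_unchecked(&failed), is_root_checked(&failed));
    return 0;
}
```

The two callers differ only in whether the lookup result is examined; when reviewing similar code, look for credential or identity lookups whose return value or error out-parameter is discarded.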
djvulibre