CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
43.4%
New polkit packages are available for Slackware 15.0 and -current to
fix a security issue.
Here are the details from the Slackware 15.0 ChangeLog:
patches/packages/polkit-0.120-i586-3_slack15.0.txz: Rebuilt.
Patched to fix a security issue where an unprivileged user could cause a
denial of service due to process file descriptor exhaustion.
Thanks to marav.
For more information, see:
https://vulners.com/cve/CVE-2021-4115
(* Security fix *)
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/polkit-0.120-i586-3_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/polkit-0.120-x86_64-3_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/polkit-0.120-i586-3.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/polkit-0.120-x86_64-3.txz
MD5 signatures:
Slackware 15.0 package:
7e8717d345201b4e9ae1e4d0f2ac4ae6 polkit-0.120-i586-3_slack15.0.txz
Slackware x86_64 15.0 package:
c12086a9a2b40fce23f5fd2c6e1e748f polkit-0.120-x86_64-3_slack15.0.txz
Slackware -current package:
964cf813e843882581104f34bbc77063 l/polkit-0.120-i586-3.txz
Slackware x86_64 -current package:
bcfd423bccf8c2058643adbb40f102a9 l/polkit-0.120-x86_64-3.txz
Installation instructions:
Upgrade the package as root:
> upgradepkg polkit-0.120-i586-3_slack15.0.txz
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Slackware | 15.0 | i586 | polkit | < 0.120 | polkit-0.120-i586-3_slack15.0.txz |
Slackware | 15.0 | x86_64 | polkit | < 0.120 | polkit-0.120-x86_64-3_slack15.0.txz |
Slackware | current | i586 | polkit | < 0.120 | polkit-0.120-i586-3.txz |
Slackware | current | x86_64 | polkit | < 0.120 | polkit-0.120-x86_64-3.txz |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
43.4%