Open pdcastro opened 2 years ago
[pdcastro] This issue has attached support thread https://jel.ly.fish/413df998-060f-4eee-9de1-75667c140ac1
The Fin CM3 Raspbian v0.1.0 image available for download at https://www.balena.io/fin/1.1/docs/downloads/ is affected by vulnerability CVE-2021-4034 (PwnKit) - https://www.bleepingcomputer.com/news/security/linux-system-service-bug-gives-root-on-all-major-distros-exploit-released/
@fisehara kindly ran some tests to confirm it:
which pkexec
exists
sudo apt update && sudo apt upgrade
sudo apt install policykit-1
Fix / Workaround:
sudo apt update && sudo apt upgrade
sudo apt install policykit-1
We should produce a new image version that is not affected (that includes the upgraded packages) to replace v0.1.0.
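One way to check a candidate replacement image before it is published, as an added example that is not part of the original issue or of any balena tooling: the function names are hypothetical, and it assumes the image's root filesystem is mounted at a directory and uses the standard Debian dpkg status file. It reports whether a setuid `pkexec` is present and which `policykit-1` version is installed, to be compared against the distribution's advisory for CVE-2021-4034.

```shell
#!/bin/sh
# Offline audit of a mounted root filesystem for pkexec exposure.
# ROOTDIR is where the image's rootfs is mounted; "/" audits the running system.

# Prints absent | suid | no-suid for the first pkexec binary found under ROOTDIR.
pkexec_state() {
    root=${1%/}
    for p in usr/bin/pkexec bin/pkexec; do
        f="$root/$p"
        [ -f "$f" ] || continue
        # [ -u ] is true when the setuid bit is set on the file
        if [ -u "$f" ]; then echo suid; else echo no-suid; fi
        return 0
    done
    echo absent
}

# Prints the installed policykit-1 version recorded in ROOTDIR's dpkg
# database, or "not-installed" when the package or database is missing.
policykit_version() {
    status="${1%/}/var/lib/dpkg/status"
    [ -r "$status" ] || { echo not-installed; return 0; }
    awk '
        /^Package: / { pkg = $2; inst = 0 }
        /^Status: /  { inst = ($0 ~ / installed$/) }
        /^Version: / { if (pkg == "policykit-1" && inst) { print $2; found = 1; exit } }
        END          { if (!found) print "not-installed" }
    ' "$status"
}

# Prints a one-line summary; returns 1 when a setuid pkexec is present so the
# operator knows the reported version must be checked against the advisory.
audit_pkexec() {
    state=$(pkexec_state "$1")
    ver=$(policykit_version "$1")
    echo "pkexec=$state policykit-1=$ver"
    [ "$state" != suid ]
}

# Example (mount point is an assumption): audit_pkexec /mnt/fin-image-root
```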