Closed KenHundley closed 2 years ago
Quick note, I only tested the C version. I didn't try running the python script
Hi,
I was not able to reproduce the behaviour. It gives a false-positive result. Can you try it again and include versions of the packages and the output of the program?
Sure, I'll try it again later today and document everything
It may have been a false positive because polkit doesn't appear to be installed by default in the UBI base image I'm using.
Steps to reproduce:
Sry of the confusion, but everything matched my expectations. I ran the tool, it said I was vulnerable, I installed the latest package, it said I was patched.
I just wanted to let you know that I tested this on a RHEL UBI8 docker image before I noticed the note about Debian and Ubuntu. It did actually work and alert me that the OS was vulnerable, and once I patched it, reported not vulnerable.
The only thing that was off was the output detail. The package name is
polkit
on RHEL, and the update instructionyum install polkit
on RHEL.Thanks, Ken