Quick Update on polkit/pwnkit

Q

The internet is alight this week with news of a widespread vulnerability in the Linux “policy kit” framework, specifically a root compromise via the pkexec program, designated CVE-2021-4034.

Most of our systems do not fall under this advisory, and the ones that do have been fully patched. Of note, our Snipe-IT hosting systems were completely unaffected by this advisory.

As always, we take security and transparency very seriously. Please let us know if you have further concerns around this issue.

About the author

By Jerm

Snipe-IT at Laracon

Open Source in Business Interview